The correct answers are C and D: FortiGate NGFW can inspect north-south container traffic with
label-aware policies, and FortiGate NGFW and FortiSandbox can be used to secure container traffic.
According to the Fortinet documentation for container security [1], FortiGate NGFW can provide the
following benefits for securing container infrastructure:
- It can inspect north-south traffic between containers and external networks using label-aware
  policies, which allow for dynamic policy enforcement based on Kubernetes labels and metadata.
- It can integrate with FortiSandbox to provide advanced threat protection for container traffic, by
  sending suspicious files or URLs to a cloud-based sandbox for analysis and detection.
- It can leverage FortiGuard Security Services to provide real-time threat intelligence and updates
  for container traffic, such as antivirus, web filtering, IPS, and application control.
The other options are incorrect because:
- FortiGate NGFW cannot be placed between each application container for north-south traffic
  inspection, as this would create unnecessary complexity and overhead. Instead, FortiGate NGFW can
  be deployed at the edge of the container network or as a sidecar proxy to inspect traffic at the
  ingress and egress points.
- FortiGate NGFW cannot connect to the worker node and protect the container, as this would not
  provide sufficient visibility and control over the container traffic. Instead, FortiGate NGFW can
  leverage the native Kubernetes APIs and services to monitor and secure the container traffic.
[1] Fortinet Documentation Library - Container Security