Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?
A. To remove the NAT operation.
B. To generate logs
C. To finish any inspection operations.
D. To allow for out-of-order packets that could arrive after the FIN/ACK packets.
The right answer is D.
FortiGate Security 6.2 Study Guide pag. 182: When a session is closed by both sides, FortiGate keep in the sessione table for a few seconds more, to allow any out-of-order packets that could arrive after the FIN/ACK packet. This is the state value 5.