NSE7_SDW-7.2 Practice Test Questions

91 Questions


Which are two benefits of using CLI templates in FortiManager? (Choose two.)


A. You can reference meta fields.


B. You can configure interfaces as SD-WAN members without having to remove references first.


C. You can configure FortiManager to sync local configuration changes made on the managed device, to the CLI template.


D. You can configure advanced CLI settings.





A.
  You can reference meta fields.

D.
  You can configure advanced CLI settings.

Refer to the exhibits.

An administrator is testing application steering in SD-WAN. Before generating test traffic, the administrator collected the information shown in exhibit A. After generating GoToMeeting test traffic, the administrator examined the respective traffic log on FortiAnalyzer, which is shown in exhibit B. The administrator noticed that the traffic matched the implicit SD-WAN rule, but they expected the traffic to match rule ID 1. Which two reasons explain why the traffic matched the implicit SD-WAN rule? (Choose two.)


A. FortiGate did not refresh the routing information on the session after the application was detected.


B. Port1 and port2 do not have a valid route to the destination.


C. Full SSL inspection is not enabled on the matching firewall policy.


D. The session 3-tuple did not match any of the existing entries in the ISDB application cache.





B.
  Port1 and port2 do not have a valid route to the destination.

C.
  Full SSL inspection is not enabled on the matching firewall policy.

Which two statements are true about using SD-WAN to steer local-out traffic? (Choose two.)


A. FortiGate does not consider the source address of the packet when matching an SD-WAN rule for local-out traffic.


B. By default, local-out traffic does not use SD-WAN.


C. By default, FortiGate does not check if the selected member has a valid route to the destination.


D. You must configure each local-out feature individually, to use SD-WAN.





B.
  By default, local-out traffic does not use SD-WAN.

D.
  You must configure each local-out feature individually, to use SD-WAN.

Refer to the exhibit.

The exhibit shows the SD-WAN rule status and configuration. Based on the exhibit, which change in the measured packet loss will make T_INET_1_0 the new preferred member?


A. When all three members have the same packet loss.


B. When T_INET_0_0 has 4% packet loss.


C. When T_INET_0_0 has 12% packet loss.


D. When T_INET_1_0 has 4% packet loss.





D.
  When T_INET_1_0 has 4% packet loss.

Exhibit.

The exhibit shows the output of the command diagnose sys sdwan health-check status collected on a FortiGate device. Which two statements are correct about the health check status on this FortiGate device? (Choose two.)


A. The health-check VPN_PING orders the members according to the lowest jitter.


B. The interface T_INET_1 missed one SLA target.


C. There is no SLA criteria configured for the health-check Level3_DNS.


D. The interface T_INET_0 missed three SLA targets.





A.
  The health-check VPN_PING orders the members according to the lowest jitter.

C.
  There is no SLA criteria configured for the health-check Level3_DNS.

Explanation:
According to the FortiGate / FortiOS 6.4.2 Administration Guide, the health check status command displays the status of the health check probes for each SD-WAN member interface. 


The output includes the following information:

State: the current state of the interface, either alive or dead
Packet-loss: the percentage of packets lost during the health check
Latency: the average round-trip time in milliseconds
Jitter: the variation in latency
Mos: the mean opinion score, a measure of voice quality
Bandwidth: the available bandwidth in kilobits per second for each direction (up, down, bi)
Sla map: a bitmap that indicates which SLA criteria are met or failed

Based on the exhibit, the following statements are correct:

The health-check VPN_PING orders the members according to the lowest jitter. This means that the interface with the lowest jitter value is listed first, followed by the next lowest, and so on. In the exhibit, the order is T_MPLS, T_INET_1, and T_INET_0.
 
There is no SLA criteria configured for the health-check Level3_DNS. This means that the health check does not use any SLA parameters to determine the state of the interface. In the exhibit, the sla map value is 0x0 for both port1 and port2, indicating that no SLA criteria are applied.

Which two statements about SD-WAN central management are true? (Choose two.)


A. It does not allow you to monitor the status of SD-WAN members.


B. It is enabled or disabled on a per-ADOM basis.


C. It is enabled by default.


D. It uses templates to configure SD-WAN on managed devices.





B.
  It is enabled or disabled on a per-ADOM basis.

D.
  It uses templates to configure SD-WAN on managed devices.

What does enabling the exchange-interface-ip setting enable FortiGate devices to exchange?


A. The gateway address of their IPsec interfaces


B. The tunnel ID of their IPsec interfaces


C. The IP address of their IPsec interfaces


D. The name of their IPsec interfaces





C.
  The IP address of their IPsec interfaces

Refer to the exhibit.

Which statement explains the output shown in the exhibit?


A. FortiGate performed standard FIB routing on the session.


B. FortiGate will not re-evaluate the session following a firewall policy change.


C. FortiGate used 192.2.0.1 as the gateway for the original direction of the traffic.


D. FortiGate must re-evaluate the session due to routing change.





D.
  FortiGate must re-evaluate the session due to routing change.

Explanation:

The snat-route-change option is enabled by default. This option enables FortiGate to reevaluate the routing table and select a new egress interface if the next hop IP address changes. This option only applies to sessions in the dirty state. Sessions in the log state are not affected by routing changes.

Refer to the exhibits.

Exhibit A shows an SD-WAN event log and exhibit B shows the member status and the SD-WAN rule configuration. Based on the exhibits, which two statements are correct? (Choose two.)


A. FortiGate updated the outgoing interface list on the rule so it prefers port2.


B. Port2 has the highest member priority.


C. Port2 has a lower latency than port1.


D. SD-WAN rule ID 1 is set to lowest cost (SLA) mode.





A.
  FortiGate updated the outgoing interface list on the rule so it prefers port2.

C.
  Port2 has a lower latency than port1.

Refer to the exhibit.

Based on the exhibit, which statement about FortiGate re-evaluating traffic is true?


A. The type of traffic defined and allowed on firewall policy ID 1 is UDP.


B. FortiGate has terminated the session after a change on policy ID 1.


C. Changes have been made on firewall policy ID 1 on FortiGate.


D. Firewall policy ID 1 has source NAT disabled.





C.
  Changes have been made on firewall policy ID 1 on FortiGate.

Refer to the exhibits.

Exhibit A shows the SD-WAN rule status and the learned BGP routes with community 65000:10. Exhibit B shows the SD-WAN rule configuration, the BGP neighbor configuration, and the route map configuration. The administrator wants to steer corporate traffic using route tags in SD-WAN rule ID 1. However, the administrator observes that the corporate traffic does not match SD-WAN rule ID 1. Based on the exhibits, which configuration change is required to fix the issue?


A. In the dcl-lab-rm route map configuration, set set-route-tag to 10.


B. In SD-WAN rule ID 1, change the destination to use ISDB entries.


C. In the BGP neighbor configuration, apply the route map dcl-lab-rm in the outbound direction.


D. In the dcl-lab-rm route map configuration, unset match-community.





C.
  In the BGP neighbor configuration, apply the route map dcl-lab-rm in the outbound direction.

Refer to the exhibit.

Which algorithm does SD-WAN use to distribute traffic that does not match any of the SD-WAN rules?


A. All traffic from a source IP to a destination IP is sent to the same interface.


B. All traffic from a source IP is sent to the same interface.


C. All traffic from a source IP is sent to the most used interface.


D. All traffic from a source IP to a destination IP is sent to the least used interface.





A.
  All traffic from a source IP to a destination IP is sent to the same interface.

