A.  

HUB1-VPN3 has a higher member configuration priority than HUB1-VPN1.

B.  

The traffic matches a regular policy route configured with HUB1-VPN3 as the outgoing device

C.  

HUB1-VPN1 does not have a valid route to the destination

D.  

HUB1-VPN3 has a lower route priority value (higher priority) than HUB1-VPN1.

A.  

Based on the exhibits, which statement best describes the issue and how you can resolve it?

B.  

Remove the installation target for the SD-WAN member port4. You cannot combine metadata variable and installation targets.

C.  

Gateways for all members in a zone must be defined the same way. Specify the gateway of the SD-WAN member port! without metadata variables.

D.  

Check the metadata variable definitions, and review the per-device mapping configuration.

E.  

Check the connection between branch1_fgt and FortiManager

A.  

Latency – Member configuration order – Link cost threshold

B.  

Link quality index – Member configuration order – Link cost threshold

C.  

Links that meet the SLA targets – Member configuration order – Member local cost

D.  

Latency – Jitter - Packet loss – Bibandwidth – Member configuration order

A.  

Full SSL inspection is not enabled on the matching firewall policy.

B.  

The session 3-tuple did not match any of the existing entries in the ISDB application cache.

C.  

FortiGate could not refresh the routing information on the session after the application was detected.

D.  

No configured SD-WAN rule matches the traffic related to the collaboration application GoToMeeting

A.  

FortiGate steered this flow according to an SD-WAN rule 4.

B.  

FortiGate will never re-evaluate this session.

C.  

FortiGate steered this flow according to the application detected and the outgoing interface is port3.

D.  

FortiGate will re-evaluate this session if the outgoing interface goes down.

A.  

The configuration instructs FortiGate to choose an ADVPN shortcut based on SD-WAN information.

B.  

The configuration instructs FortiGate to allow ADVPN shortcuts for the tunnels of this SD-WAN zone.

C.  

The configuration instructs FortiGate to establish shortcuts only when at least two members meet the SLA target.

D.  

The configuration instructs FortiGate to establish shortcuts only for overlay interfaces that meet the SLA target HUB1_HC.

A.  

FoftiGate bounces port5 after it detects all SD-WAN members as dead.

B.  

FortiGate fails over to the secondary device after it detects port5 as dead.

C.  

FortiGate sends alert messages through poft5 when it detects all SD-WAN members as dead

D.  

FortiGate brings down port5 after it detects all SD-WAN members as dead.

A.  

FortiManager updates the device configuration according to the selected templates. It applies the corp_st template first.

B.  

FortiManager does not update the port1 configuration because FortiManager does not change the configuration of interfaces with fgfm access.

C.  

FortiManager updates access rights only for port1. FortiManager cannot update the IP address because it was already set manually.

D.  

FortiManager updates the configuration of port1, port2, and port5. The three ports might get new IP addresses.

A.  

This device is a spoke that has received a direct shortcut query from a remote spoke.

B.  

This device is a hub, and two spokes, 192.2.0.1 and 10.0.3.101, established a shortcut.

C.  

This device is a hub that has received a shortcut query from a spoke and has forwarded it to another spoke.

D.  

This device is a spoke that has received a shortcut query from a remote hub.

A.  

Any interface in the overlay zones

B.  

Interface connected to HUB only

C.  

Between T3 on Branch-A and TC on Branch-B

D.  

Between T2 on Branch-A and TA on Branch-B

A.  

HUB2-VPN2

B.  

HUB1-VPN2 or HUB2-VPN2

C.  

port1 or port2

D.  

Any interface in the HUB1 or HUB2 zones

A.  

A template group can include a system template and an SD-WAN template.

B.  

Each template group can contain up to three IPsec tunnel templates.

C.  

CLI templates are applied in order, from top to bottom

D.  

A CLI template group can contain CLI templates of both types.

E.  

A CLI template can be of type CLI script or Perl script.

A.  

By default, FortiGate uses SD-WAN rules only for local-out traffic that corresponds to ping and traceroute.

B.  

By default, local-out traffic does not use SD-WAN.

C.  

You can steer local-out traffic only with SD-WAN rules that use the manual strategy.

D.  

You must configure each local-out feature individually to use SD-WAN.

A.  

By default, FortiGate offloads symmetric and asymmetric flows.

B.  

The original direction of the symmetric traffic flows from port3 to port2.

C.  

The reply direction of the asymmetric traffic flows from port2 to port3.

D.  

The auxiliary session can be offloaded to hardware.

A.  

You can build an SD-WAN topology that includes all devices. The hubs can be FortiGate devices with Forti Extender.

B.  

You can build an SD-WAN topology that includes all devices. The hubs must be devices without extensions.

C.  

You must use FortiManager to manage your SD-WAN topology.

D.  

You must build multiple SD-WAN topologies. Each topology must contain only one type of extension.

A.  

SD-WAN service rule 3 and interface HUB1-VPN2.

B.  

SD-WAN service rule 3 and interface HUB1-VPN3.

C.  

SD-WAN service rule 4 and port1 or port2.

D.  

SD-WAN service rule 4 and interface port2.

A.  

Three spokes have tunnels that are out of SL

A.  

B.  

The template Corp-SOT defines a dual-hub topology.

C.  

branch3_fgt is configured with three SD-WAN overlay tunnels and one is down.

D.  

branch1_fgt is configured with six SD-WAN overlay tunnels and three are down.

A.  

Configure routing through the overlay tunnels created by the SD-WAN overlay template.

B.  

Create policy packages and assign them to the branch devices.

C.  

Assign a hub id metadata variable to each hub device.

D.  

Configure SD-WAN rules

E.  

Assign an sdwan_id metadata variable to each device (branch and hub)

A.  

You can assign only one template with a tunnel type of static to each FortiGate device.

B.  

You can assign only one IPsec template to each FortiGate device.

C.  

You should review the branch1_fgt configuration for configured tunnels in the rootVDOM.

D.  

You should use the same outgoing interface of both templates.

A.  

The diagnose output shows that HUB1-VPN1 and all HUBx-VPNy members are dead.

B.  

The diagnose output does not correspond to a device configured with the SD-WAN template shown in the exhibit.

C.  

The diagnose output was collected on the device branch2_fgt.

D.  

The diagnose output was collected on the device branch1_fgt

A.  

You can steer local-out traffic only with SD-WAN rules that use the manual strategy.

B.  

By default, FortiGate uses SD-WAN rules only for local-out traffic that corresponds to ping and traceroute.

C.  

By default, local-out traffic does not use SD-WAN.

D.  

You must configure each local-out feature individually to use SD-WAN.

A.  

FoftiGate installs ECMP static routes for the first two members of the zone.

B.  

FortiGate ignores the static routes defined through members referenced in the zone.

C.  

FortiGate routes the traffic through the best performing member of the zone.

D.  

FortiGate installs a static route for each member in the zone.

A.  

You can activate auto-discovery VPN in the SD-WAN overlay template only if it is a single hub topology.

B.  

When auto-discovery VPN is enabled, FortiManager updates the IPsec and BGP templates in the hub.

C.  

After you enable auto-discovery VPN in the overlay template, you must select between ADVPN 2.0 and ADVPN 1.0.

D.  

You can activate auto-discovery VPN in the SD-WAN overlay template for any type of topology, including a primary-primary dual-hub topology.

A.  

The session information output displays no SD-WAN service id.

B.  

Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.

C.  

The traffic is distributed, regardless of weight, through all available static routes.

D.  

Traffic does not match any of the entries in the policy route table.

E.  

FortiGate flags the session with may_dirty and vwl_def ault.

A.  

FortiGate passively monitors the member if TCP traffic is passing through the member.

B.  

After FortiGate switches to active mode, the SLA performance rule falls back to passive monitoring after 3 minutes.

C.  

FortiGate passively monitors the member if ICMP traffic is passing through the member.

D.  

During passive monitoring, the SLA performance rule cannot detect dead members.

E.  

FortiGate can offload the traffic that is subject to passive monitoring to hardware.

A.  

You can select the outbandwidth hash mode with all strategies that allow load balancing.

B.  

Only the manual and best-quality strategies allow SD-WAN load balancing.

C.  

When applicable. FortiGate load balances the traffic through all members that meet the SLA target.

D.  

SD-WAN load balancing is possible only using the best quality and lowest cost (SLA) strategies.

A.  

Update the management IP address of branch1_fgt.

B.  

Specify the gateway of the SD-WAN member port1 with an IP address or use the default value.

C.  

Do not define installation targets for SD-WAN members.

D.  

Review the per-device mapping configuration for metadata variables

A.  

Use the SD-WAN monitor template view to get a map view of the branches, hub, and tunnel status, including the SLA pass or missed status.

B.  

Use the SD-WAN monitor table view to get a donut view and a table view that shows the status of each SD-WAN member, including the SLA pass or missed status.

C.  

Use the VPN monitor map view to get a map view of the branches, hub, and tunnel status, including the SLA pass or missed status.

D.  

Use the SD-WAN monitor asset view to get a donut view and a table view that shows the status of each device and the SLA status of each SD-WAN member.