fortinet · NSE7_SDW-72 · Q425 · multiple_response · topic_1

Refer to the exhibits. Exhibit A. //IMG// Exhibit B. //IMG// An administrator is testing application steering in SD-WAN. Before generating test traffic, the administrator collected the information shown in exhibit A. After generating GoToMeeting test traffic, the administrator examined the respective traffic log on FortiAnalyzer, which is shown in exhibit B. The administrator noticed that the traffic matched the implicit SD-WAN rule, but they expected the traffic to match rule ID 1. Which two reasons explain why some log messages show that the traffic matched the implicit SD-WAN rule? (Choose two.)
  • A. Port1 and port2 do not have a valid route to the destination.
  • B. The session 3-tuple did not match any of the existing entries in the ISDB application cache.
  • C. Full SSL inspection is not enabled on the matching firewall policy.
  • D. FortiGate did not refresh the routing information on the session after the application was detected.
Explanation
Selected Answer: BD

B: There is no 3-tuple with IP 23.212.248.205.

D: Page 156 of the study guide: "By default, SNAT sessions are not flagged as dirty following a routing change that impacts the session". So, the first routing match is the default SD-WAN rule. After identifying the app, the match is now rule ID 1. However, because there is SNAT to the Internet, the session is not marked as "dirty". It is not re-evaluated and traffic keeps going through port2.

Reference: examtopics_top_comment