SD-WAN 7.2 Fortinet

Refer to the exhibit. The exhibit shows the BGP con guration on the hub in a hub-and-spoke topology. The administrator wants BGP to advertise pre xes from spokes to other spokes over the IPsec overlays, including additional paths. However, when looking at the spoke routing table, the administrator does not see the pre xes from other spokes and the additional paths. Based on the exhibit, which three settings must the administrator con gure inside each BGP neighbor group so spokes can learn other spokes prexes and their additional paths? (Choose three.). Enable soft-recon guration. Enable route-reector-client. Set additional-path to send. Set adv-additional-path to the number of additional paths to advertise. Set advertisement-interval to the number of additional paths to advertise.

What are two advantages of using an IPsec recommended template to con gure an IPsec tunnel in an hub-and-spoke topology? (Choose two.). It ensures consistent settings between phase1 and phase2. It guides the administrator to use Fortinet recommended settings. The VPN monitor tool provides additional statistics for tunnels de ned with an IPsec recommended template. It automatically install IPsec tunnels to every spoke when they are added to the FortiManager ADOM.

Refer to the exhibit. FortiGate does not change the routing information on existing sessions that use a valid gateway, after a route change. FortiGate always blocks all tra c, after a route change. FortiGate performs routing lookups for new sessions only, after a route change. FortiGate ushes all routing information from the session table, after a route change.

In a hub-and-spoke topology, what are two advantages of enabling ADVPN on the IPsec overlays? (Choose two.). It provides the bene ts of a full-mesh topology in a hub-and-spoke network. It enables spokes to establish shortcuts to third-party gateways. It provides direct connectivity between spokes by creating shortcuts. It enables spokes to bypass the hub during shortcut negotiation.

Refer to the exhibit. The exhibit shows output of the command diagnose sys sdwan service collected on a FortiGate device. The administrator wants to know through which interface FortiGate will steer the tra c from local users on subnet 10.0.1.0/255.255.255.192 and with a destination of the business application Salesforce located on HQ servers 10.0.0.1. Based on the exhibits, which two statements are correct? (Choose two.). There is no service de ned for the Salesforce application, so FortiGate will use the service rule 3 and steer the tra c through interface T_HQ1. FortiGate steers tra c to HQ servers according to service rule 1 and it uses port1 or port2 because both interfaces are selected. When FortiGate cannot recognize the application of the ow it steers the tra c destined to server 10.0.0.1 according to service rule 3. FortiGate steers tra c for business application according to service rule 2 and steers tra c through port2.

Which are three key routing principles in SD-WAN? (Choose three.). By default. SD-WAN members are skipped if they do not have a valid route to the destination. By default. SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member. FortiGate performs route lookups for new sessions only. SD-WAN rules have precedence over ISDB routes. Regular policy routes have precedence over SD-WAN rules.

Refer to the exhibit. Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2. Which two con guration settings are required for Toronto and London spokes to establish an ADVPN shortcut? (Choose two.) A. On the hubs, net-device must be enabled on all IPsec VPNs. B. auto-discovery-forwarder must be enabled on all IPsec VPNs. C. On the spokes, auto-discovery-receiver must be enabled on the IPsec VPN to the hub. D. On the hubs, auto-discovery-sender must be enabled on the IPsec VPNs to spokes. On the hubs, net-device must be enabled on all IPsec VPNs. auto-discovery-forwarder must be enabled on all IPsec VPNs. On the spokes, auto-discovery-receiver must be enabled on the IPsec VPN to the hub. On the hubs, auto-discovery-sender must be enabled on the IPsec VPNs to spokes.

What are two common use cases for remote internet access (RIA)? (Choose two.). Provide internet access through the hub. Centralize security inspection on the hub. Provide thorough inspection on spokes. Provide direct internet access on spokes.

Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation?. get router info routing-table all. get ipsec tunnel list. diagnose vpn tunnel list. diagnose debug application ike.

Refer to the exhibits. Exhibit A. Exhibit B. An administrator is testing application steering in SD-WAN. Before generating test tra c, the administrator collected the information shown in exhibit A. After generating GoToMeeting test tra c, the administrator examined the respective tra c log on FortiAnalyzer, which is shown in exhibit B. The administrator noticed that the tra c matched the implicit SD-WAN rule, but they expected the tra c to match rule ID 1. Which two reasons explain why some log messages show that the tra c matched the implicit SD-WAN rule? (Choose two.). Port1 and port2 do not have a valid route to the destination. The session 3-tuple did not match any of the existing entries in the ISDB application cache. Full SSL inspection is not enabled on the matching rewall policy. FortiGate did not refresh the routing information on the session after the application was detected.

Which diagnostic command can you use to show the con gured SD-WAN zones and their assigned members?. diagnose sys sdwan member. diagnose sys sdwan interface. diagnose sys sdwan zone. diagnose sys sdwan service.

Which statement is correct about SD-WAN and ADVPN?. SD-WAN can steer tra c to ADVPN shortcuts only for rules de ned with strategy manual or best quality. SD-WAN does not monitor the health and performance of ADVPN shortcuts. SD-WAN cannot steer tra c to ADVPN shortcuts established over IPSec overlays if the zone contains physical interfaces. SD-WAN can steer tra c to ADVPN shortcuts established over IPsec overlays con gured as SD-WAN members.

Refer to the exhibit. The exhibit shows the SD-WAN rule status and con guration. Based on the exhibit, which change in the measured latency will make T_MPLS_0 the new preferred member?. When T_INET_0_0 has a latency of 250 ms. When T_MPLS_0 has a latency of 80 ms. When T_INET_0_0 and T_MPLS_0 have the same latency. When T_MPLS_0 has a latency of 100 ms.

What is a bene t of using application steering in SD-WAN?. The traffic always skips the regular policy routes. You do not need to configure firewall policies that accept the SD-WAN traffic. You steer traffic based on the detected application. You do not need to enable SSL inspection.

Based on the exhibit, which two statements are correct about the health of the selected members? (Choose two.). After FortiGate switches to active mode, the SLA performance rule never fallsback to passive monitoring. FortiGate passively monitors the member if TCP traffic is passing through the member. FortiGate can offroad the traffic that is subject to passive monitoring to hardware. During passive monitoring, the SLA performance rule cannot detect dead members.

Which two statements about the SD-WAN members are true? (Choose two.). Interfaces of type virtual wire pair can be used as SD-WAN members. You can manually de ne the SD-WAN members sequence number. An SD-WAN member can belong to two or more SD-WAN zones. Interfaces of type VLAN can be used as SD-WAN members.

Refer to the exhibit. An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over T_INET_0. However, the traffic is routed over T_INET_1. Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.). T_INET_1 has a lower route priority value (higher priority) than T_INET_0. The traffic matches a regular policy route configured with T_INET_1 as the outgoing device. T_INET_1 has a higher member configuration priority than T_INET_0. T_INET_0 does not have a valid route to the destination.

Within IPsec tunnel templates available on FortiManager, which template will you use to configure static tunnels for a hub and spoke topology?. Hub_IPsec_Recommended. Static_IPsec_Recommended. IPsec Fortinet Recommended. Branch IPsec Recommended.

The administrator uses the FortiManager SD-WAN overlay template to prepare an SD-WAN deployment. With information provided through the SD-WAN overlay template wizard, FortiManager creates templates ready to install on spoke and hub devices. Select three templates created by the SD-WAN overlay template for a spoke device. (Choose three.). IPsec tunnel template. BGP template. Overlay template. System template. CLI template.

Refer to the exhibit. Based on the output, which two conclusions are true? (Choose two.). Entry 1 (id=1) is a regular policy route. There is more than one SD-WAN rule configured. The SD-WAN rules take precedence over regular policy routes. The all_rules rule represents the implicit SD-WAN rule.

What are two bene ts of using forward error correction (FEC) in IPsec VPNs? (Choose two.). FEC can leverage multiple IPsec tunnels for parity packets transmission. FEC transmits parity packets that can be used to reconstruct packet loss. FEC improves reliability of noisy links. FEC supports hardware offloading.

Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI Based on the exhibit, which statement is true?. You can move port1 from the underlay zone to the overlay zone. You can delete the virtual-wan-link zone because it contains no member. The corporate zone contains no member. The overlay zone contains four members.

Refer to the exhibit. Based on the exhibit, which two actions does FortiGate perform on sessions after a rewall policy change? (Choose two.). FortiGate terminates the old sessions. FortiGate evaluates new sessions. FortiGate does not change existing sessions. FortiGate ushes all sessions.

Refer to the exhibit. The exhibit shows the details of a session and the index numbers of some relevant interfaces on a FortiGate appliance that supports hardware o oading. Based on the information shown in the exhibits, which two statements about the session are true? (Choose two.). The main session cannot be offloaded to hardware. The original direction of the symmetric traffic flows from port3 to port2. The reply direction of the asymmetric traffic flows from port2 to port3. The auxiliary session can be offloaded to hardware.

The SD-WAN overlay template helps to prepare SD-WAN deployments. To complete the tasks performed by the SD-WAN overlay template, the administrator must perform some post-run tasks. What are three mandatory post-run tasks that must be performed? (Choose three.). Assign an sdwan_id metadata variable to each device (branch and hub). Assign a branch_id metadata variable to each branch device. Create policy packages for branch devices. Configure SD-WAN rules. Configure routing through overlay tunnels created by the SD-WAN overlay template.

Refer to the exhibit. (Una opcion) In a dual-hub hub-and-spoke SD-WAN deployment, which is a bene t of disabling the anti-replay setting on the hubs?. It instructs the hub to skip content inspection on TCP traffic, to improve performance. It instructs the hub to not check the ESP sequence numbers on IPsec traffic, to improve performance. It instructs the hub to disable TCP sequence number check, which is required for TCP sessions originated from spokes to fail over back. It instructs the hub to disable the reordering of TCP packets on behalf of the receiver, to improve performance.

Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.). The session information output displays no SD-WAN-specific details. All SD-WAN rules have the default and gateway setting enabled. Traffic does not match any of the entries in the policy route table. Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.

Refer to the exhibits. Exhibit A shows the packet duplication rule configuration, the SD-WAN zone status output, and the sniffer output on a FortiGate device acting as the sender. Exhibit B shows the sniffer output on a FortiGate device acting as the receiver. The administrator configured packet duplication on both FortiGate devices. The sniffer output on the sender FortiGate shows that FortiGate forwards an ICMP echo request packet over three overlays, but it only receives one reply packet through T_INET_1. Based on the output shown in the exhibits, which two reasons can cause the observed behavior? (Choose two.). The ICMP echo request packets sent over T_INET_0 and T_MPLS were dropped along the way. On the receiver FortiGate, packet-de-duplication is enabled. On the sender FortiGate, duplication-max-num is set to 3. The sender FortiGate has anti-replay enabled to block duplicate ICMP replies.

Refer to the exhibit. Which statement about the role of the ADVPN device in handling traffic is true?. This is a spoke that has received an offer from a remote hub. Two spokes, 192.2.0.1 and 10.0.2.101, establish a shortcut. This is a hub that has received an offer from a spoke and has forwarded it to another spoke. An IKE session is established between 10.0.1.101 and 10.0.2.101 in the process of forming a shortcut tunnel.

Which two statements are true about using SD-WAN to steer local-out traffic? (Choose two.). By default, FortiGate does not check if the selected member has a valid route to the destination. You must configure each local-out feature individually, to use SD-WAN. By default, local-out traffc does not use SD-WAN. FortiGate does not consider the source address of the packet when matching an SD-WAN rule for local-out traffic.

Refer to the exhibits. Exhibit A shows the SD-WAN performance SLA and exhibit B shows the SD-WAN member status, the routing table, and the performance SLA status. If port2 is detected dead by FortiGate, what is the expected behavior?. Host 8.3.8.8 is reachable through port1 and port2. Port2 becomes alive after three successful probes are detected. The administrator manually restores the static routes for port2, if port2 becomes alive. FortiGate disables all static routes for port2.

In which SD-WAN template field can you use a metadata variable?. You can use metadata variables only to de ne interface members and the gateway IP. Any field identified with a dollar sign (S) in a magnifying glass. Any field identified with an "M" in a circle. All SD-WAN template elds support metadata variables.

Refer to the exhibit. The device exchanges routes using IBGP. Which two statements are correct about the IBGP con guration and routing information on the device? (Choose two.). Each BGP route is three hops away from the destination. ibgp-multipath is disabled. You can run the get router info routing-table database command to display the additional paths. additional-path is enabled.

Refer to the exhibit, which shows output of the command diagnose sys sdwan health-check status collected on a FortiGate device. Which two statements are correct about the health check status on this FortiGate device? (Choose two.). The interface T_INET_0 missed three SLA targets. The interface T_INET_1 missed one SLA target. There is no SLA criteria configured for the health-check Level3_DNS. The health-check VPN_PING orders the members according to the measured jitter.

Refer to the exhibits. Exhibit A Exhibit B Exhibit A shows a policy package de nition. Exhibit B shows the install log that the administrator received when he tried to install the policy package on FortiGate devices. Based on the output shown in the exhibits, what can the administrator do to solve the issue?. Create dynamic mapping for the LAN interface for all devices in the installation target list. Policies can refer to only one LAN source interface. Keep only the D-LAN, which is the dynamic LAN interface. Dynamic mapping should be done automatically. Review the LAN interface configuration for branch2_fgt. Use a metadata variable instead of a dynamic interface to de ne the firewall policy.

What is true about SD-WAN multiregion topologies?. It is not compatible with ADVPN. Routing between the hub and spokes must be BGP. Regions must correspond to geographical areas. Each region has its own SD-WAN topology.

Refer to the exhibit, which shows the IPsec phase 1 configuration of a spoke. What must you configure on the IPsec phase 1 configuration for ADVPN to work with SD-WAN?. You must disable idle-timeout. You must set ike-version to 1. You must enable auto-discovery-sender. You must enable net-device.

Which statement about using BGP for ADVPN is true?. IBGP is preferred over EBGP, because IBGP preserves next hop information. You must configure AS path prepending. You must configure BGP communities. You must use BGP to route traffic for both overlay and underlay links.

Refer to the exhibit that shows VPN event logs on FortiGate. Based on the output shown in the exhibit, which statement is true?. There is one shortcut tunnel built from master tunnel T_MPLS_0. The master tunnel T_INET_0 cannot accept the ADVPN shortcut. There are no IPsec tunnel statistics log messages for ADVPN shortcuts. The VPN tunnel T_MPLS_0 is a shortcut tunnel.

Refer to the exhibit. Based on the exhibit which action does FortiGate take?. FortiGate brings down port5 after it detects all SD-WAN members as dead. FortiGate brings up port5 after it detects all SD-WAN members as alive. FortiGate bounces port5 after it detects all SD-WAN members as dead. FortiGate fails over to the secondary device after it detects all SD-WAN members as dead.

Which two settings can you configure to speed up routing convergence in BGP? (Choose two.). link-down-failover. update-source. holdtime-timer. set-route-rag.

Refer to the exhibit. Which algorithm does SD-WAN use to distribute tra c that does not match any of the SD-WAN rules?. All traffic from a source IP is sent to the most used interface. All traffic from a source IP is sent to the most used interface. All traffic from a source IP to a destination IP is sent to the same interface. All traffic from a source IP is sent to the same interface. All traffic from a source IP to a destination IP is sent to the least used interface.

Refer to the exhibits. Exhibit A shows two IPsec templates to de ne BranchIPsec_1 and Branch_IPsec_2. Each template de nes a VPN tunnel. Exhibit B shows the error message that FortiManager displayed when the administrator tried to assign the second template to the FortiGate device. Which statement best explain the cause for this issue?. You should review the branch1_fgt configuration for the already configured tunnel with the name HUB1-VPN2. You can de ne only one IPsec tunnel from branch devices to HUB1. You can assign only one template with a tunnel of type static to each FortiGate device. You can assign only one IPsec template to each FortiGate device.

Which two statements about SLA targets and SD-WAN rules are true? (Choose two.) SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements. SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements. Member metrics are measured only if an SLA target is configured. When configuring an SD-WAN rule, you can select multiple SLA targets of the same performance SLA. SLA targets are used only by SD-WAN rules that are con gured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy.

Which two statements about the SD-WAN zone configuration are true? (Choose two.). You can use the service-sla-tie-break setting to configure preferred member selection based on the best route to the destination. The default zone is virtual-wan-link. You can delete the default zones. An SD-WAN member can belong to two or more zones.

Refer to the exhibit. Which statement explains the output shown in the exhibit?. FortiGate performed standard FIB routing on the session. FortiGate will not re-evaluate the session following a firewall policy change. FortiGate used 192.2.0.1 as the gateway for the original direction of the traffic. FortiGate must re-evaluate the session due to routing change.

Exhibit A shows a site-to-site topology between two FortiGate devices: branch1_fgt and dc1_fgt. Exhibit B shows the system global and system settings configuration on dc1_fgt. When branch1_client establishes a connection to dc1_host, the administrator observes that, on dc1_fgt, the reply traffic is routed over T_INET_0_0, even though T_INET_1_0 is the preferred member in the matching SD-WAN rule. Based on the information shown in the exhibits, what configuration change must be made on dc1_fgt so dc1_fgt routes the reply traffic over T_INET_1_0?. Disable tcp-session-without-syn under con g system settings. Disable allow-subnet-overlap under con g system settings. Enable auxiliary-session under con g system settings. Enable snat-route-change under conffig system global.

Which two interfaces are considered overlay links? (Choose two.). IPsec. LAG. Physical. GRE.

Refer to the exhibit. Which configuration change is required if the responder FortiGate uses a dynamic routing protocol to exchange routes over IPsec?. type must be set to static. add-route must be disabled. mode-cfg must be enabled. exchange-interface-ip must be enabled.

Refer to the exhibit. Two hub-and-spoke groups are connected through a site-to-site IPsec VPN between Hub 1 and Hub 2. The administrator con gured ADVPN on both hub-and-spoke groups. Which two outcomes are expected if a user in Toronto sends tra c to London? (Choose two.). London generates an IKE information message that contains the Toronto public IP address. The first packets from Toronto to London are routed through Hub 1 then to Hub 2. Traffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VPN. Toronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1.

Which diagnostic command can you use to show the member utilization statistics measured by performance SLAs for the last 10 minutes?. diagnose sys sdwan sla-log. diagnose sys sdwan log. diagnose sys sdwan health-check. diagnose sys sdwan intf-sla-log.

Refer to the exhibits. Exhibit A shows the source NAT (SNAT) global setting and exhibit B shows the routing table on FortiGate. Based on the exhibits, which two actions does FortiGate perform on existing sessions established over port2, if the administrator increases the static route priority on port2 to 20? (Choose two.). FortiGate continues routing the sessions with no SNAT, over port2. FortiGate updates the gateway information of the sessions with SNAT so that they use port1 instead of port2. FortiGate flags the sessions as dirty. FortiGate performs a route lookup for the original traffic only.

Which three matching tra c criteria are available in SD-WAN rules? (Choose three.). Type of physical link connection. Source and destination IP address. URL categories. Application categories. Internet service database (ISDB) address object.

What is the route-tag setting in an SD-WAN rule used for?. To indicate the routes that can be used for routing SD-WAN traffic. To indicate the members that can be used to route SD-WAN traffic. To indicate the routes for health check probes. To indicate the destination of a rule based on learned BGP prefixes.

What are two characteristics of the internet service database (ISDB) in an SD-WAN rule? (Choose two.). The ISDB is dynamically updated and reduces administrative overhead. The ISDB contains the IP addresses and port ranges of well-known internet services. The ISDB applies rules to traffic from specific sources, based on application type. The ISDB requires application control to maintain signatures and perform load balancing.

Which SD-WAN setting enables FortiGate to delay the recovery of ADVPN shortcuts?. idle-timeout. link-down-failover. auto-discovery-shortcuts. hold-down-time.

Which statement about SD-WAN zones is true?. You can configure up to 32 SD-WAN zones per VDOM. You cannot use an SD-WAN zone in static route definitions. An SD-WAN zone can contain only one type of interface. An SD-WAN zone can contain between 0 and 512 members.

Which three characteristics apply to provisioning templates available on FortiManager? (Choose three.). You cannot apply a system template and CLI template to the same FortiGate device. A CLI template can be of type CLI script or Perl script. A CLI template group can contain CLI templates of both types. A template group can include a system template and an SD-WAN template. CLI templates are applied in order, from top to bottom.

What are two benefits of using CLI templates in FortiManager? (Choose two.). You can configure FortiManager to sync local configuration changes made on the managed device, to the CLI template. You can configure advanced CLI settings. You can configure interfaces as SD-WAN members without having to remove references first. You can reference metadata variables.

What are two benefits of choosing packet duplication over FEC for data loss correction on noisy links? (Choose two.). Packet duplication does not require a route to the destination. Packet duplication can leverage multiple IPsec overlays for sending additional data. Packet duplication supports hardware offloading. Packet duplication uses smaller parity packets which results in less bandwidth consumption.

Refer to the exhibits. Which two statements about the IPsec VPN con guration and the status of the IPsec VPN tunnel are true? (Choose two.). The phase 1 configuration supports the network-overlay setting. FortiGate does not install IPsec static routes for remote protected networks in the routing table. UDP port 4500 is used for IPsec VPN traffic (ESP). FortiGate facilitated the negotiation of the T_INET_1_0 ADVPN shortcut over T_INET_1.

Refer to the exhibits. Exhibit A shows the SD-WAN performance SLA con guration, the SD-WAN rule con guration, and the application IDs of Facebook and YouTube. Exhibit B shows the firewall policy configuration and the underlay zone status. Based on the exhibits, which two statements are correct about the health and performance of port1 and port2? (Choose two.). Non-TCP Facebook and YouTube traffic are not used for performance measurement. FortiGate is unable to measure jitter and packet loss on Facebook and YouTube traffic. The performance is an average of the metrics measured for Facebook and YouTube traffic passing through the member. FortiGate identifies the member as dead when there is no Facebook and YouTube traffic passing through the member.

Refer to the exhibits. Exhibit A shows an SD-WAN event log and exhibit B shows the member status and the SD-WAN rule configuration. Based on the exhibits, which two statements are correct? (Choose two.). FortiGate updated the outgoing interface list on the rule so it prefers port2. Port2 has the highest member priority. SD-WAN rule ID 1 is set to lowest cost (SLA) mode. Port2 has a lower latency than port(no se si pondrá 1).

Refer to the exhibits. The administrator wants to steer corporate traffic using route tags in the SD- WAN rule ID 1. However, the administrator observes that the corporate traffic does not match the SD-WAN rule ID 1. Based on the exhibits, which configuration change is required to x the issue?. In the dc1-lan-rm route map configuration, set set-route-tag to 10. In SD-WAN rule ID 1, change the destination to use ISDB entries. In the dc1-lan-rm route map configuration, unset match-community. In the BGP neighbor configuration, apply the route map dc1-lan-rm in the outbound direction.

Refer to the exhibit. The administrator used the SD-WAN overlay template to prepare an IPsec tunnels configuration for a hub-and-spoke SD-WAN topology. The exhibit shows the FortiManager installation preview for one FortiGate device. Based on the exhibit, which statement best describes the con guration applied to the FortiGate device?. It is a spoke device that establishes dynamic IPsec tunnels to the hub. It can send ADVPN shortcut requests. It is a hub device. It can send ADVPN shortcut offers. It is a hub device and will automatically discover the spoke devices that are part of the SD-WAN topology. It is a spoke device that establishes dynamic IPsec tunnels to the hub. The local subnet range is 10.10.128.0/23.

What does enabling the exchange-interface-ip setting enable FortiGate devices to exchange?. The tunnel ID of their IPsec interfaces. The name of their IPsec interfaces. The gateway address of their IPsec interfaces. The IP address of their IPsec interfaces.

Refer to the exhibit. The exhibit shows the SD-WAN rule status and con guration. Based on the exhibit, which change in the measured packet loss will make T_INET_1_0 the new preferred member?. When T_INET_1_0 has 4% packet loss. When T_INET_0_0 has 12% packet loss. When T_INET_0_0 has 4% packet loss. When all three members have the same packet loss.

Refer to the exhibit. Which statement about the role of the ADVPN device in handling traffic is true?. Two spokes, 192.2.0.1 and 10.0.2.101, forward their queries to their hubs. This is a spoke that has received a query from a remote hub and has forwarded the response to its hub. This is a hub that has received a query from a spoke and has forwarded it to another spoke. Two hubs, 10.0.1.101 and 10.0.2.101, are receiving and forwarding queries between each other.

Refer to the exhibits. Exhibit A shows the system interface, exhibit B shows the static route configuration, and exhibit C shows the firewall policies on the managed FortiGate device. Based on the FortiGate configuration shown in the exhibits, which issue might you encounter when creating an SD-WAN Zone for port and port2?. port1 and port2 are not administratively down. port2 is referenced in a static route. port1 is assigned a manual IP address. port1 is referenced in a firewall policy.

Refer to the exhibits. Exhibit A shows the configuration for an SD-WAN rule and exhibit B shows the respective rule status, the routing table, and the member status. The administrator wants to understand the expected behavior for traffic matching the SD-WAN rule. Based on the exhibits, what can the administrator expect for traffic matching the SD-WAN rule?. The traffic will be load balanced across all three overlays. The traffic will be routed over T_INET_1_0. The traffic will be routed over T_INET_0_0. The traffic will be routed over T_MPLS_0.

Refer to the exhibit. Based on the exhibit, which two statements are correct about the health of the selected members? (Choose two.). After FortiGate switches to active mode, the SLA performance rule never fallsback to passive monitoring. FortiGate passively monitors the member if TCP traffic is passing through the member. FortiGate can o offload the traffic that is subject to passive monitoring to hardware. During passive monitoring, the SLA performance rule cannot detect dead members.