View all questions & answers for the NSE 4 - FortiOS 7.6 Administrator Exam Materials exam


Question 39 Discussion

What are three key routing principles in SD-WAN? (Choose three answers)

  • A. By default, SD-WAN rules are skipped if the included SD-WAN members do not have a valid route to the destination.
  • B. SD-WAN rules have precedence over any other type of routes.
  • C. Regular policy routes have precedence over SD-WAN rules.
  • D. By default, SD-WAN rules are skipped if only one route to the destination is available.
  • E. By default, SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member.
Correct Answer: A,C,E

Brave-Dump Clients Votes

ABE 50%
ACE 50%

Comments



Roberto Kevin Conopuma Damián 2025-10-16 11:36:45

Selected Answers: A, B, E


This slide shows the SD-WAN rule lookup process. SD-WAN rules are essentially policy routes. Like regular
policy routes, SD-WAN rules are checked from top to bottom (first match). For each rule, FortiGate maintains
an outgoing interface (oif) list. The oif list sorts the configured members by preference based on the
strategy in use. The members that are placed first in the list have higher preference for steering traffic.
FortiGate starts the lookup process by comparing the packet against the rule matching criteria. If the packet
doesn’t match the criteria, FortiGate moves on to the next rule, and so on, until it finds a match. Then,
FortiGate proceeds as follows:
1. FortiGate performs a forwarding information base (FIB) lookup for the packet destination IP (dstip). If
the resolved interface for the fib-best-match isn’t an SD-WAN member, then FortiGate moves on to
the next rule. This behavior follows the key routing principle: SD-WAN rules are skipped if the best route
to the destination isn’t an SD-WAN member.
2. If the resolved interface is an SD-WAN member, then FortiGate looks for one or more acceptable
members in the oif list, starting with the first member in the list. An acceptable member is an alive
member that has a route to the destination. This behavior follows the key routing principle: SD-WAN rules
are skipped if none of the configured members in the rule have a valid route to the destination.
If FortiGate finds an acceptable member, it forwards the packet to that member—then the firewall policy check
occurs— and the rule lookup process ends. Otherwise, FortiGate moves on to the next rule. If all rules are
skipped, then FortiGate routes the packet using standard routing, hence the key routing principle: The implicit
SD-WAN rule equals standard FIB lookup.
Pag 429

Giacomo Marielli 2025-10-21 16:31:51

Selected Answers: A, C, E


Is the correct

Anonymous User 2026-01-21 03:24:32

Selected Answers: A, B, E


FIB lookup ABE
  • Ronen Goldberg 2026-02-08 17:38:55
    B is incorrect, look at the FortiOS 7.6 pdf, page 118 or Fortigate 7.6 Administrator, page 90. SD-WAN Comes after Policy Routes and ISDB Routes.

CABGroup 2026-02-10 23:06:57

Selected Answers: A, B, E


abe

CABGroup 2026-02-10 23:07:16

Selected Answers: A, C, E


ace

ab 2026-02-20 22:01:07

Selected Answers: A, C, E


B is nonsense