View all questions & answers for the NSE 7 - FortiSASE 25 Enterprise Administrator Exam Materials exam


Question 45 Discussion

What are the key differences between the FortiSASE BGP per overlay and BGP on loopback routing design methods? (Choose one answer)

  • A. BGP per overlay can use separate iBGP sessions for each spoke-to-hub tunnel with mode-cfg enabled for IP address assignment, while BGP on loopback uses a single iBGP session per hub terminating on a loopback interface to simplify configuration and reduce advertised routes.
  • B. BGP per overlay establishes a single iBGP session per hub on a loopback interface, while BGP on loopback requires mode-cfg for IP address assignment and uses multiple iBGP sessions per tunnel.
  • C. BGP per overlay is used for loopback interfaces to reduce routes, while BGP on loopback is the default method requiring separate iBGP sessions for each spoke.
  • D. BGP per overlay simplifies hub configuration without mode-cfg, while BGP on loopback establishes multiple iBGP sessions for each tunnel to increase advertised routes.
Correct Answer: A

Brave-Dump Clients Votes

A 100%

Comments



Brave-Dumps Admin 2025-11-26 16:37:19

Selected Answers: A


it needs additional check from our expert clients

javaughn Bryan 2025-11-28 21:46:36

Selected Answers: A


A is ABSOLUTELY CORRECT. The rest are incorrect.

BGP PER OVERLAY:
FortiSASE supports two main routing design methods for SD-WAN overlays: BGP per overlay and BGP on loopback. The BGP per overlay design is the traditional method and was once the only option that supported ADVPN. In this design, each spoke establishes a separate IBGP session over each overlay towards every hub. These sessions terminate on the tunnel IP addresses on both the spoke and the hub. As a result, spokes advertise their LAN prefixes over all active IBGP sessions, which can lead to a large number of sessions and routes, increasing configuration complexity and overhead.


BGP ON LOOPBACK:
The BGP on loopback design simplifies network configuration and significantly reduces the number of BGP sessions and route advertisements. In this model, each spoke establishes a single IBGP session to each hub, with the session terminating on the loopback interface, which uniquely identifies each SD-WAN node. Spokes advertise their LAN prefixes over this single session per hub, streamlining route management and improving scalability across the SD-WAN fabric.

PAGE 63: SASE NSE7 ENTERPRISE GUIDE