View all questions & answers for the FCP - FortiGate 7.4 Administrator Exam Materials exam


Question 17 Discussion

What are three key routing principles in SD-WAN? (Choose three answers)

  • A. Regular policy routes have precedence over SD-WAN rules.
  • B. By default, SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member.
  • C. By default, SD-WAN rules are skipped if only one route to the destination is available.
  • D. By default, SD-WAN members are skipped if they do not have a valid route to the destination.
  • E. SD-WAN rules have precedence over any other type of routes.
Correct Answer: A,B,D

Brave-Dump Clients Votes

ABD 100%

Comments



Brave-Dumps Admin 2025-05-14 11:07:52

Selected Answers: A, B, D


Dear Abdallah, Thank you for sharing your experience with the Brave-Dumps community. You're doing a great job — keep it up!

A, B and D confirmed as per the SD-WAN Study Guide, as below:

Study Guide 7.2, page 125:
Key Routing Principles
1. SD-WAN rules are policy routes
2. Regular policy routes have precedence over SD-WAN rules
3. Route lookup is done for new and dirty sessions
  • For original and reply traffic
  • Includes policy route lookup
4. By default, SD-WAN rules are skipped if:
  • Best route to destination isn’t an SD-WAN member
  • None of the members have a valid route to destination
    - If the preferred member doesn’t have a valid route to destination, the next member in the rule is checked
5. Implicit SD-WAN rule equals standard forwarding information base (FIB) lookup
  • If lookup matches ECMP routes, traffic is load balanced using the configured algorithm


Study Guide 7.2, page 129:
The flowchart on this slide describes the route lookup process that FortiGate performs when it uses policy routes. Note that policy routes can be regular policy routes, internet-service database (ISDB) routes, or SD-WAN rules.

First, FortiGate checks the policy routes. The first type of policy routes to check is the regular policy routes. If there is a match, and the action is Forward Traffic, FortiGate routes the packet accordingly provided the policy route passes the FIB validation process. If the action is Stop Policy Routing, FortiGate moves on to check its route cache.

If the packet doesn’t match any of the regular policy routes, FortiGate moves on to check the ISDB routes first, and then the SD-WAN rules. If the packet doesn’t match any of the SD-WAN rules, FortiGate checks its route cache. You will learn more about the SD-WAN rule matching process in another lesson.

Next, FortiGate checks the FIB, which is the table used for performing standard routing. The FIB can be described as the routing table from the kernel point of view, and is built mostly out of routes in the routing table, but also from system-specific entries required by FortiOS. If the packet doesn’t match any of the routes in the FIB, FortiGate drops the packet and sends an ICMP destination network unreachable message to the sender.

This slide also shows the FortiOS CLI commands you can use to display the policy routes, the route cache entries, the routing table entries, and the FIB entries
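
The lookup order and the default skip conditions quoted above can be traced with a small model. This is an added example, not part of the original comment and not FortiOS code: it is a simplified sketch that leaves out ISDB routes and the route cache, and its tables, interface names and prefixes are constructed for illustration.

```python
import ipaddress

# Constructed sample tables; interface names and prefixes are hypothetical.
FIB = [("0.0.0.0/0", "port1"), ("172.16.0.0/12", "port2"), ("10.0.0.0/8", "port3")]
SDWAN_MEMBERS = {"port1", "port2"}
POLICY_ROUTES = [  # regular policy routes, evaluated before SD-WAN rules
    {"dst": "172.16.9.0/24", "action": "forward", "out": "port1"},
    {"dst": "172.16.8.0/24", "action": "stop"},
]
SDWAN_RULES = [  # members listed in order of preference
    {"name": "rule1", "dst": "0.0.0.0/0", "members": ["port2", "port1"]},
]

def covers(prefix, dst):
    return ipaddress.ip_address(dst) in ipaddress.ip_network(prefix)

def fib_routes(dst):
    """FIB routes covering dst as (prefix length, interface), most specific first."""
    hits = [(ipaddress.ip_network(p).prefixlen, i) for p, i in FIB if covers(p, dst)]
    return sorted(hits, reverse=True)

def has_route(dst, iface):
    return any(i == iface for _, i in fib_routes(dst))

def lookup(dst):
    """Return (decision source, egress interface) for a new session to dst."""
    routes = fib_routes(dst)
    use_sdwan = True
    for pr in POLICY_ROUTES:
        if not covers(pr["dst"], dst):
            continue
        if pr["action"] == "stop":            # Stop Policy Routing
            use_sdwan = False
            break
        if has_route(dst, pr["out"]):         # FIB validation
            return ("policy-route", pr["out"])
        # Assumption: a policy route that fails validation is passed over.
    best = [i for n, i in routes if n == routes[0][0]]
    # Principle B: skip SD-WAN rules when the best route is not via a member.
    if use_sdwan and any(i in SDWAN_MEMBERS for i in best):
        for rule in SDWAN_RULES:
            if not covers(rule["dst"], dst):
                continue
            for member in rule["members"]:    # Principle D: skip routeless members
                if has_route(dst, member):
                    return ("sdwan:" + rule["name"], member)
    # Implicit rule: standard FIB lookup; no match means the packet is dropped.
    return ("fib", routes[0][1]) if routes else ("drop", None)
```

In this model, `lookup("172.16.9.9")` is decided by the regular policy route even though the SD-WAN rule would have chosen a different member, and `lookup("10.1.1.1")` bypasses the SD-WAN rule because its best route leaves through a non-member interface.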


Abdulla 2025-05-16 11:03:27

Selected Answers: A, B, D


✔ A. Regular policy routes have precedence over SD-WAN rules.
✔ B. By default, SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member.
✔ D. By default, SD-WAN members are skipped if they do not have a valid route to the destination.

Explanation:

SD-WAN routing in FortiGate follows these key principles to ensure traffic is efficiently managed across multiple WAN links.

A. Regular policy routes have precedence over SD-WAN rules

Standard policy-based routes are evaluated before SD-WAN rules.

If a policy route exists that matches the traffic, it will be used instead of an SD-WAN rule.

B. SD-WAN rules are skipped if the best route is not an SD-WAN member

SD-WAN is designed to optimize WAN links that belong to its defined members.

If the best available route is not part of the SD-WAN group, normal routing rules apply instead.

D. SD-WAN members are skipped if they do not have a valid route to the destination

If an SD-WAN member lacks a route to the destination network, it will be ignored during routing decisions.

This prevents traffic from being sent to unreachable WAN links.