Because the gateway is enabled, Fortigate will not check if the member has a valid route to the destination, therefore MPLS will win because it has the most SLAs that are met.

MPLS doesn´t has valid route for destination AND set gateway enable without also set default enable will not allow packets to flow to this member without a valid route. INET_1 has route and meets one sla target (0x1). INET_0 has route but doesn´t meet sla targets (0x0)

Based on https://docs.fortinet.com/document/fortigate/7.0.0/sd-wan-deployment-for-mssps/511005/sd-wan-routing-logic

D. The traffic will be routed over T_INET_1_0. Most Voted Because You need to also "set default enable" to make it work in that way. pag 171 SD 72

D: correct MPLS_0 Meet the SLA but no route to destination inet_0_0 does not meet sla (0x0), but have route inet_1_0 meet sla 0x1 and have route to destination

Study Guide page 94 and 145 Not A : "sla(0x0)" means member not satisfying any SLA perf as there are two sla perf configured. So T_INET_0_0 can't be used Not B : "sla(0x0)" means member not satisfying any SLA perf as there are two sla perf configured. So T_INET_0_0 can't be used Not D : "sla(0x1)" means that only SLA #1 is met. Not secondary. T_MPLS_0 met both SLA and "set gateway enable" is set, member is prior as "sla(0x3)" is mentioned despite there is no route to destination through this member

T_INET_1_0 => D is correct INET_1 has route and meets one sla target (0x1).

T_INET_1_0 => D is correct INET_1 has route and meets one sla target (0x1).

Sadly, I think the correct answer is T_MPLS_0 Even with T_INET_1_0 being succesfull in one SLA target (0x1), FortiGate checks how many SLA targets a member meets. The more SLA targets it meets, the higher its preference. If there are two or more members that meet the same number of SLA targets, then FortiGate uses the member cost as the tiebreaker, and then the member priority as the last tiebreaker. With "set gateway enable", T_MPLS_0 should skip the FIB and use gateway 172.16.1.5. It doesn't matter if that gateway may not reach 10.0.0.0/8 set default enable is missing, so SD-WAN rules are skipped if the best route to the destination isn’t an SD-WAN member. They all are.

Please refer to page 227 SD study guide 7.2. id the sla value is 0x0 - Meaning no Sla has been met. MPLS has the most SLAs 0x3 but no route. INET_1 has 0x1 Sla Met and has a rout to destination.

Is this question missing some info? I can't see the destination for the life of me.

MPLS has the most SLAs 0x3 but no route. INET_1 has one more SLA than the other. D

If you want to send packets blindly through member gateway, then you must enable default and enable gateway. Please, check page 145 of SD-WAN7.0. I spent 30 minutes of analyzing that example and thinking and my conclusion is that it must be D.

I thoroughly tested this in my home lab and strictly added the 'set gateway enable' command. Then tried to ping 8.8.4.4 from a LINUX server, with no internet routes in the FIB. The ping failed. Then I added the 'set default enable' and my ping worked. Since this configuration on the list does NOT have 'set default enable' I will continue to say the only valid answer is D. INET_1 has a valid route in this example.

MPLS doesn´t has valid route for destination AND set gateway enable without also set default enable will not allow packets to flow to this member without a valid route. INET_1 has route and meets one sla target (0x1); INET_0 has route but doesn´t meet sla targets (0x0).

MPLS doesn´t has valid route for destination AND set gateway enable without also set default enable will not allow packets to flow to this member without a valid route. INET_1 has route and meets one sla target (0x1). INET_0 has route but doesn´t meet sla targets (0x0).

To see the valid route, you should look in the database routing table. MPLS iface is a member of the sdwan rule so it has a valid route even if it is not the best(thus it is not present in the routing table)