A is correct. This is because the set preserve-session-route enable command makes a sticky interface, not allowing the session to reroute due to a best path change. Only new sessions will route through the better interface.
B. FortiGate does not always block traffic; it will continue the session and only start new sessions through the new interface.
C. FortiGate will ALSO check routing on a downed interface. It does not re-evaluate with stickiness enabled.
D. In this case it will not flush routing for the SESSION because stickiness is enabled.
A is absolutely correct.
The reason C is incorrect is the word "only." The FortiGate does not "only" check the routing table for new sessions. It will ALSO check the routing table for existing sessions when the session gateway is down/invalid!
Incorrect. C is never correct, because routing is evaluated for existing sessions if the gateway becomes invalid. The problem with C is that the word "only" makes it incorrect.
through port2. Hub2 drops any already established TCP sessions.
• With preserve-session-route enable, FortiGate does not reevaluate the session, and the session remains established through port1 and hub1. Active TCP sessions do not change. FortiGate routes new sessions through port2. P. 153, SD-WAN study 7.2. And possibly some of D.
Nope, for checking of new routes and tagging them as "dirty" you also have to configure
config firewall policy
    set firewall-session-dirty check-new
end
as stated here https://community.fortinet.com/t5/FortiGate/Technical-Tip-Information-about-firewall-session-dirty/ta-p/195802
Thus only A is correct.
C is correct too. Page 154. "With preserve-session-route enable, FortiGate does not reevaluate the session, and the session remains established through port1 and hub1. Active TCP sessions do not change. FortiGate routes new sessions through port2."
It says "FortiGate performs routing lookups for NEW SESSIONS only, after a route change." and that's true. After the route change, old sessions stay with the old route. But for new sessions, FortiGate performs a route lookup.
Incorrect. With preserve-session-route enabled, FortiGate will evaluate routing not "only" for new sessions, but it WILL ALSO reevaluate routing for existing sessions if the gateway is invalid for any reason!
C is not correct. The reason is that the FortiGate will reevaluate "routing" for existing sessions that still do not have a valid "gateway", not only for new sessions.