Exam NSE7_SDW-7.2 topic 1 question 10 discussion

Actual exam question from Fortinet's NSE7_SDW-7.2

Question #: 10
Topic #: 1

Refer to the exhibits.
Exhibit A.

Exhibit B.

An administrator is testing application steering in SD-WAN. Before generating test traffic, the administrator collected the information shown in exhibit A.
After generating GoToMeeting test traffic, the administrator examined the respective traffic log on FortiAnalyzer, which is shown in exhibit B. The administrator noticed that the traffic matched the implicit SD-WAN rule, but they expected the traffic to match rule ID 1.
Which two reasons explain why some log messages show that the traffic matched the implicit SD-WAN rule? (Choose two.)

A. Port1 and port2 do not have a valid route to the destination.
B. The session 3-tuple did not match any of the existing entries in the ISDB application cache.
C. Full SSL inspection is not enabled on the matching firewall policy.
D. FortiGate did not refresh the routing information on the session after the application was detected.

Show Suggested Answer

Suggested Answer: BD 🗳️

by IBB90704 at March 8, 2024, 1:43 a.m.

Comments

Submit Cancel

lucient

Highly Voted 1 year, 1 month ago

Selected Answer: BD

B: There is no 3-tuple with IP 23.212.248.205 D: Page 156 of the study guide. "By default, SNAT sessions are not flagged as dirty following a routing change that impacts the session". So, the first routing match is the default sd wan rule. After identifying the app, the match is now rule ID 1. However, because there is SNAT to the Internet, the session is not marked as "dirty". It is not re-evaluated and traffic keeps going through port2.

upvoted 5 times

...