Exam NSE7_SDW-7.2 topic 1 question 17 discussion

Actual exam question from Fortinet's NSE7_SDW-7.2
Question #: 17
Topic #: 1

Refer to the exhibit.

An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over T_INET_0. However, the traffic is routed over T_INET_1.
Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.)

  • A. T_INET_1 has a lower route priority value (higher priority) than T_INET_0.
  • B. The traffic matches a regular policy route configured with T_INET_1 as the outgoing device.
  • C. T_INET_1 has a higher member configuration priority than T_INET_0.
  • D. T_INET_0 does not have a valid route to the destination.
Suggested Answer: AB

Comments

lucient
2 weeks, 6 days ago
Selected Answer: BD
After reading this question once and again, I've found this: the command get router info routing-table all uses "grep T_INET_". So, grep should list entries for T_INET_0 and T_INET_1. However, there is only one entry for T_INET_1. This means:
A) Wrong. Even if it matched sdwan rule 1, the only valid member is 2: T_INET_1.
B) Can be right. A regular policy with T_INET_1 would work because there is a route in the routing table.
C) Wrong. Same as "A".
D) It's 100% right. T_INET_0 does not have a valid route.
upvoted 1 times
lucient
3 weeks, 2 days ago
Selected Answer: BD
"A" can't be right. Page 197: "Do not confuse the member configuration priority with the Priority setting available on the SD-WAN member configuration. The latter is used for the priority of static routes for members when you configure static routes for zones. The former refers to the member priority based on the Interface Preference list configuration. Members that are configured first in the list have higher priority over those configured last. The Priority setting is used as a tiebreaker for ECMP routes when matching the implicit SD-WAN rule." Priority SETTING is not relevant in this case because there is no static route for zone, so there is NO ECMP. There is only one route to 10.0.0.0/8 pointing to T_INET_1.
"B" is a possible reason even if there is no exhibit. Policy routes come before ISDB rules and SDWAN rules. If there is a policy route pointing to T_INET_1, it has precedence over sdwan rules. And it will work because there is a valid route through T_INET_1.
upvoted 1 times
lucient
3 weeks, 2 days ago
"C" can't be right. Page 87: "cfg-order instructs FortiGate to use the member configuration order as the tiebreaker for the selected member. That is, members that are configured first, have higher priority." There is no tie because there is NO route through T_INET_0. So, even when the tie break is "cfg", member configuration priority is not relevant.
"D" is right. There is no route to 10.0.0.0/8 pointing to T_INET_0.
upvoted 1 times
truserud
3 weeks, 4 days ago
Selected Answer: AD
A&D must be the correct answers based on the exhibit:
A because that is an actual fact with regard to the router info output.
D because T_INET_0 is not listed in the routing info output, and there are no places in the exhibit showing anything related to policy based routing.
upvoted 3 times
nse_student
1 month, 1 week ago
Selected Answer: BD
Priority not used for this purpose.
upvoted 1 times
83e48be
1 month, 2 weeks ago
Selected Answer: AD
AD is correct
upvoted 1 times
83e48be
1 month, 2 weeks ago
If I try to put in the explanation it gives a Cloudflare error. Really short version:
D, route does not exist on T_INET_0.
A, 1 lower prio over 0, yes, but only implicit rule.
B, could be, but nothing showing PBR.
On exam pick A+D.
upvoted 1 times
83e48be
1 month, 2 weeks ago
This is a bad question/example. We don't know the source besides "branch1_fgt", which has no reference to a subnet. We have to assume this is source 10.0.1.0/24. Info regarding PBR and other SDWAN config is missing as well. T_INET_1 has a lower route priority value (higher priority) than T_INET_0. This is technically true and this answer could be correct if the traffic would not match the SDWAN rule. We have to assume no other rules would match and it would hit the implicit ruleset. The implicit ruleset uses the FIB to determine the outgoing interface. Now the route in the FIB with lowest priority will get selected. Answer A could be correct, we are missing some relevant info.
upvoted 1 times
83e48be
1 month, 2 weeks ago
Because there is no output shown regarding PBR, it is not known if PBR could interfere. PBR is performed before SDWAN, so anything in SDWAN becomes irrelevant. Answer B could be correct, we are missing relevant info.
Route priority difference has no impact on the route added to the active routing table. (Distance and weight will, and only the best one will be added.) Both T_INET_0 and T_INET_1 should show in the output. In this output only T_INET_1 is shown as a valid destination for 10.0.0.0/8. SDWAN members don't have a specific subnet as destination, rather 0.0.0.0/0. The presence of a more specific subnet implies the use of additional config beyond what is shown. Ex. set default / set gateway, static route etc. Because T_INET_0 is not mentioned at all, all we know is there is no valid route to 10.0.0.0/8. Answer D is correct.
upvoted 1 times
83e48be
1 month, 2 weeks ago
The only one we can safely count as wrong is C. There is nothing in the SDWAN rule that leads to T_INET_1 preferred over T_INET_0. Once again....poor question/example. On an actual exam my best bet would be A+D. There is nothing shown about PBR, thus would be the least valid answer. At least A has some relevance...
upvoted 1 times
83e48be
1 month, 2 weeks ago
Here, if ExamTopics won't allow a long comment I will just cut it into smaller sections =D
upvoted 1 times
ipv84
1 month, 3 weeks ago
I think too... right answers are B & D.
upvoted 2 times
ee0808
1 month, 4 weeks ago
Selected Answer: BD
Changed my mind on this one... Right answer is B & D.
A is wrong - a lower priority route for T_INET_0 would have been visible in the routing-table exhibit
B is correct - traffic could match a policy route (even if not shown in exhibit though) with T_INET_1 as outgoing interface
C is wrong for several reasons
D is correct - routing-table exhibit shows no route for T_INET_0, T_INET_0 is therefore not considered
upvoted 3 times
D3n1s
1 month, 3 weeks ago
If D is correct, how you will see the prefix in the routing table, this is against the SDWAN rules? If you select D it is absolutely natural to select A.
upvoted 1 times
ee0808
1 month, 4 weeks ago
Selected Answer: AD
AD
No mention of policy routes in exhibits.
No valid route through T_INET_0 in exhibits.
upvoted 2 times
jayessarre
2 months ago
A and D - no valid route
upvoted 3 times
KavinT
2 months, 1 week ago
Selected Answer: AB
A & B are correct.
upvoted 1 times
D3n1s
1 month, 3 weeks ago
PBRs are not visible with the command from the exhibit.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other