Refer to the exhibit, which shows the output of diagnose sys session list. If the HA ID for the primary device is 0, what happens if the primary fails and the secondary becomes the primary?
A. The session will be removed from the session table of the secondary device because of the presence of allowed error packets, which will force the client to restart the session with the server.
B. The session state is preserved but the kernel will need to re-evaluate the session because NAT was applied.
C. Traffic for this session continues to be permitted on the new primary device after failover, without requiring the client to restart the session with the server.
D. The secondary device has this session synchronized; however, because application control is applied, the session is marked dirty and has to be re-evaluated after failover.
HA Synchronization: The session table entry shows "ha_id=0 synced". This means the session state is synchronized between the primary and secondary FortiGates.
Failover Scenario: When the primary fails and the secondary takes over as the primary, the synchronized session state is transferred.
Continued Traffic Flow: As long as the session state is valid and synchronized, the new primary device can continue to process traffic for this session without interruption. The client does not need to re-establish the session.
C is correct. By default, NAT sessions are not re-evaluated; therefore, since it is already synced, as we can see in the session state, this should continue flowing normally.
TrX
4 months, 3 weeks ago
PabloSL
5 months, 1 week ago