ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE7_PBC-6.4 All Questions

View all questions & answers for the NSE7_PBC-6.4 exam
Go to Exam

Exam NSE7_PBC-6.4 topic 1 question 30 discussion

Actual exam question from Fortinet's NSE7_PBC-6.4
Question #: 30
Topic #: 1
[All NSE7_PBC-6.4 Questions]

You need to deploy FortiGate VM devices in a highly available topology in the Microsoft Azure cloud. The following are the requirements of your deployment:
* Two FortiGate devices must be deployed; each in a different availability zone.
* Each FortiGate requires two virtual network interfaces: one will connect to a public subnet and the other will connect to a private subnet.
* An external Microsoft Azure load balancer will distribute ingress traffic to both FortiGate devices in an active-active topology.
* An internal Microsoft Azure load balancer will distribute egress traffic from protected virtual machines to both FortiGate devices in an active-active topology.
* Traffic should be accepted or denied by a firewall policy in the same way by either FortiGate device in this topology.
Which FortiOS CLI configuration can help reduce the administrative effort required to maintain the FortiGate devices, by synchronizing firewall policy and object configuration between the FortiGate devices?

  • A. config system sdn-connector
  • B. config system ha
  • C. config system auto-scale
  • D. config system session-sync
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by kinge2 at July 30, 2022, 11:37 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
pojkofd00m
2 years, 3 months ago
Selected Answer: C
Answer is C. You can use FGSP in an active-active cluster but only to sync sessions, not configuration. Configuration sync is handled by autoscaling. page 52 of the study guide kind of describes it.
upvoted 2 times
...
charruco
2 years, 4 months ago
Selected Answer: B
B is correct FTG HA Active/Active requires the following configuration to sync the session by FGSP config system ha set session-pickup enable set session-pickup-connectionless enable set session-pickup-nat enable set session-pickup-expectation enable set override disable end config system cluster-sync edit 0 set peerip 10.0.1.x set syncvd "root" next end https://github.com/fortinet/azure-templates/tree/main/FortiGate/Active-Active-ELB-ILB
upvoted 1 times
...
kinge2
2 years, 9 months ago
Selected Answer: C
C is the correct answer - The FortiGate VMs are, in this Active/Active setup, independent units. The FGCP protocol, used in the Active/Passive setup, to sync the configuration is not applicable here. To enable configuration sync between both unit the sync from the autoscaling setup can be used. This will sync all configuration except for the specific configuration item proper to the specific VM like hostname, routing and others. To enable the configuration sync the config below can be used on both. https://github.com/fortinet/azure-templates/tree/main/FortiGate/Active-Active-ELB-ILB
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago