ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE7_EFW-7.0 All Questions

View all questions & answers for the NSE7_EFW-7.0 exam
Go to Exam

Exam NSE7_EFW-7.0 topic 1 question 14 discussion

Actual exam question from Fortinet's NSE7_EFW-7.0
Question #: 14
Topic #: 1
[All NSE7_EFW-7.0 Questions]

An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device.
What can the administrator do to fix this problem?

  • A. Configure remote link monitoring to detect an issue in the forwarding path.
  • B. Configure set send-garp-on-failover enable under config system ha on both cluster members.
  • C. Verify that the speed and duplex settings match between the FortiGate interfaces and the connected switch ports.
  • D. Configure set link-failed-signal enable under config system ha on both cluster members.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Alaba at Jan. 3, 2023, 11:28 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
LiliRose
Highly Voted 1 year, 10 months ago
Selected Answer: D
Virtual MAC Address and Failover - The new primary broadcasts Gratuitous ARP packets to notify the network that each virtual MAC is now reachable through a different switch port. - Some high-end switches might not clear their MAC table correctly after a failover - Solution: Force former primary to shut down all its interfaces for one second when the failover happens (excluding heartbeat and reserved management interfaces): #Config system ha set link-failed-signal enable end - This simulates a link failure that clears the related entries from MAC table of the switches.
upvoted 7 times
...
myrmidon3
Most Recent 4 months, 2 weeks ago
Selected Answer: D
After an HA failover, Gratuitous ARP (GARP) packets are sent by the new primary FortiGate to update the switches' MAC forwarding tables. However, some switches, especially high-end ones, might not update their MAC tables correctly, even after receiving GARPs. To address this, you can use the command: config system ha set link-failed-signal enable end This command forces the former primary FortiGate to shut down its interfaces for one second (except heartbeat and reserved management interfaces). This simulates a link failure, causing the switches to clear their MAC table entries and correctly redirect traffic to the new primary.
upvoted 1 times
...
Tcmh
1 year ago
Selected Answer: D
study guide 7.2 page 98
upvoted 4 times
charruco
10 months ago
does this valid to 7.2?
upvoted 1 times
...
...
certifi46
1 year, 6 months ago
Selected Answer: D
Study guide page 206
upvoted 3 times
...
Nope_123
1 year, 8 months ago
Selected Answer: D
D is correct, see page 206 of 7.0 study guide
upvoted 2 times
...
Seph1
1 year, 10 months ago
Selected Answer: D
D - is correct.
upvoted 1 times
...
JackeD
1 year, 10 months ago
Selected Answer: D
D of course
upvoted 2 times
...
NoBOdY366
1 year, 10 months ago
The answer is D
upvoted 3 times
...
johnnd
1 year, 10 months ago
Selected Answer: D
link-failed-signal - Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network.
upvoted 4 times
...
tururu1496
1 year, 10 months ago
Selected Answer: D
D is correct. This forces ports to flap so that the switch clears CAM table
upvoted 2 times
...
Alaba
1 year, 11 months ago
The answer is D
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel