Free and Premium Fortinet NSE7_SDW-7.2 Dumps Questions Answers

You can use metadata variables only to define interface members and the gateway IP.

All SD-WAN template fields support metadata variables.

Any field Identified with a dollar sign ($) in a magnifying glass.

Any field identified with an "M" in a circle.

FortiGate flushes all sessions.

FortiGate terminates the old sessions.

FortiGate does not change existing sessions.

FortiGate evaluates new sessions.

It simplifies the deployment and administration of SD-WAN on managed FortiGate devices.

It improves SD-WAN performance on the managed FortiGate devices.

It sends probe signals as health checks to the beacon servers on behalf of FortiGate.

It acts as a policy compliance entity to review all managed FortiGate devices.

It reduces WAN usage on FortiGate devices by acting as a local FortiGuard server.

All traffic from a source IP to a destination IP is sent to the same interface.

All traffic from a source IP is sent to the same interface.

All traffic from a source IP is sent to the most used interface.

All traffic from a source IP to a destination IP is sent to the least used interface.

It does not allow you to monitor the status of SD-WAN members.

It is enabled or disabled on a per-ADOM basis.

It is enabled by default.

It uses templates to configure SD-WAN on managed devices.

When configuring an SD-WAN rule, you can select multiple SLA targets of the same performance SLA.

SD-WAN rules use SLA targets to check if the preferred members meet the SLA requirements.

SLA targets are used only by SD-WAN rules that are configured with Lowest Cost (SLA) or Maximize Bandwidth (SLA) as strategy.

Member metrics are measured only if an SLA target is configured.

Each region has its own SD-WAN topology

It is not compatible with ADVPN.

Regions must correspond to geographical areas.

Routing between the hub and spokes must be BGP.

Destination internet service must be enabled on the traffic shaping policy.

Application control must be enabled on the firewall policy.

Web filtering must be enabled on the firewall policy.

Individual SD-WAN members must be selected as the outgoing interface on the traffic shaping policy.

Port2 becomes alive after three successful probes are detected.

FortiGate removes all static routes for port2.

The administrator manually restores the static routes for port2, if port2 becomes alive.

Host 8.8.8.8 is reachable through port1 and port2.

Cost

Interface member

Priority

Gateway IP

This is a spoke that has received a query from a remote hub and has forwarded the response to its hub.

Two hubs, 10.0.1.101 and 10.0.2.101, are receiving and forwarding queries between each other.

This is a hub that has received a query from a spoke and has forwarded it to another spoke.

Two spokes, 192.2.0.1 and 10.0.2.101, forward their queries to their hubs.

The dead member interface stays unavailable until an administrator manually brings the interface back.

Port2 needs to wait 500 milliseconds to change the status from alive to dead.

Static routes using port2 are active in the routing table.

FortiGate has not received three consecutive requests from the SLA server configured for port2.

On the receiver FortiGate, packet-de-duplication is enabled.

The ICMP echo request packets sent over T_INET_0_0 and T_MPLS_0 were dropped along the way.

The ICMP echo request packets received over T_INET_0_0 and T_MPLS_0 were offloaded to NPU.

On the sender FortiGate, duplication-max-num is set to 3.

FortiGate bounces port5 after it detects all SD-WAN members as dead.

FortiGate fails over to the secondary device after it detects all SD-WAN members as dead.

FortiGate brings up port5 after it detects all SD-WAN members as alive.

FortiGate brings down port5 after it detects all SD-WAN members as dead.

There are no IPsec tunnel statistics log messages for ADVPN cuts.

There is one shortcut tunnel built from master tunnel T_MPLS_0.

The VPN tunnel T_MPLS_0 is a shortcut tunnel.

The master tunnel T_INET_0 cannot accept the ADVPN shortcut. 

update-source

set-route-tag

holdtime-timer

link-down-failover

The traffic will be load balanced across all three overlays.

The traffic will be routed over T_INET_0_0.

The traffic will be routed over T_MPLS_0.

The traffic will be routed over T_INET_1_0.

FortiGate applies traffic shaping to the original traffic direction only.

FortiGate shares 10 Mbps of bandwidth equally among all source IP addresses.

RIAS

Fortigate limits each source ip address to a maximum bandwidth of 10 Mbps.

FortiGate guarantees a minimum of 10 Mbps of bandwidth to each source IP address.

You can reference meta fields.

You can configure interfaces as SD-WAN members without having to remove references first.

You can configure FortiManager to sync local configuration changes made on the managed device, to the CLI template.

You can configure advanced CLI settings.

Type of physical link connection

Internet service database (ISDB) address object

Source and destination IP address

URL categories

Application signatures

The number of simultaneous connections among all source IP addresses cannot exceed five connections.

The traffic shaper limits the combined bandwidth of all connections to a maximum of 5 MB/sec.

The number of simultaneous connections allowed for each source IP address cannot exceed five connections.

The traffic shaper limits the bandwidth of each source IP address to a maximum of 625 KB/sec.

Create dynamic mapping for the LAN interface for all devices in the installation target list.

Use a metadata variable instead of a dynamic interface to define the firewall policy.

Dynamic mapping should be done automatically. Review the LAN interface configuration for branch2_fgt.

Policies can refer to only one LAN source interface. Keep only the D-LAN, which is the dynamic LAN interface.

The objects are saved in the ADOM common object database.

It does not support meta fields.

It uses templates to configure SD-WAN on managed devices.

It supports normalized interfaces for SD-WAN member configuration.

FortiGate performed standard FIB routing on the session.

FortiGate will not re-evaluate the session following a firewall policy change.

FortiGate used 192.2.0.1 as the gateway for the original direction of the traffic.

FortiGate must re-evaluate the session due to routing change.

Routes for ADVPN shortcuts must be manually configured.

SD-WAN can steer traffic to ADVPN shortcuts, established over IPsec overlays, configured as SD-WAN members.

SD-WAN does not monitor the health and performance of ADVPN shortcuts.

You must use IKEv2 on IPsec tunnels.

The ISDB is dynamically updated and reduces administrative overhead.

The ISDB requires application control to maintain signatures and perform load balancing.

The ISDB applies rules to traffic from specific sources, based on application type.

The ISDB contains the IP addresses and port ranges of well-known internet services.

It is a hub device. It can send ADVPN shortcut offers.

It is a spoke device that establishes dynamic IPsec tunnels to the hub. The subnet range is 10.10.128.0/23.

It is a spoke device that establishes dynamic IPsec tunnels to the hub. It can send ADVPN shortcut requests.

It is a hub device and will automatically discover the spoke devices that are in the SD-WAN topology.

Interface-based shaping mode

Reverse-policy shaping mode

Shared-policy shaping mode

Per-IP shaping mode

The traffic matches a regular policy route configured with T_INET_1_0 as the outgoing device.

T_INET_1_0 has a lower route priority value (higher priority) than T_INET_0_0.

T_INET_0_0 does not have a valid route to the destination.

T_INET_1_0 has a higher member configuration priority than T_INET_0_0.