Here you have the best Fortinet NSE7_SDW-6.4 practice exam questions
Refer to the exhibit.
Multiple IPsec VPNs are formed between two hub-and-spokes groups, and site-to-site between Hub 1 and Hub 2. The administrator configured ADVPN on the dual regions topology.
Which two statements are correct if a user in Toronto sends traffic to London? (Choose two.)
When a user in Toronto sends traffic to London in a dual-hub-and-spokes topology with ADVPN enabled, the first packets will indeed be routed through Hub 1 and then to Hub 2, as the initial communication needs to follow the established hub route. However, ADVPN allows for the dynamic establishment of a direct site-to-site VPN, which means subsequent traffic will trigger the negotiation of a direct VPN tunnel between Toronto and London, bypassing the hubs. Hence, both the routing of initial packets through the hubs and the dynamic negotiation of a direct VPN are correct statements.
Refer to exhibits.
Exhibit A shows the traffic shaping policy and exhibit B shows the firewall policy.
FortiGate is not performing traffic shaping as expected, based on the policies shown in the exhibits.
To correct this traffic shaping issue on FortiGate, what configuration change must be made on which policy?
For the traffic shaping to work as expected in this context, enabling the application control profile on the firewall policy is necessary. This allows the policy to properly identify and control applications, including those that fall under streaming media, and apply the traffic shaping policy effectively. The traffic shaping policy shown specifies 'Streaming Media and Download' in the URL category, which aligns with application control, not a web filter profile.
Which statement defines how a per-IP traffic shaper of 10 Mbps is applied to the entire network?
In a per-IP traffic shaper configuration, FortiGate allocates each IP address a maximum bandwidth limit. This means each IP address can use up to the specified bandwidth, but not exceed it. Therefore, in this case, FortiGate allocates each IP address a maximum of 10 Mbps of bandwidth.
Which three parameters are available to configure SD-WAN rules? (Choose three.)
The three parameters available to configure SD-WAN rules are application signatures, Internet service database (ISDB) address object, and source and destination IP address. Application signatures allow configuration based on the type of application, ISDB address objects enable configuring rules based on known internet services, and source and destination IP addresses allow specific traffic routing based on IP addresses.
Which diagnostic command you can use to show interface-specific SLA logs for the last 10 minutes?
To show interface-specific SLA logs for the last 10 minutes, the correct diagnostic command is 'diagnose sys virtual-wan-link intf-sla-log'. This command is specifically designed to provide detailed logs for individual interfaces, making it suitable for displaying SLA logs over a specified period, such as the last 10 minutes.