nse7_efw-70 Exam - Question 4


Refer to the exhibits, which show the configuration on FortiGate and partial session information for internet traffic from a user on the internal network.

If the priority on route ID 2 were changed from 10 to 0, what would happen to traffic matching that user session?

Correct Answer: BD

Since the 'snat-route-change' setting is disabled, sessions using SNAT will continue to use the same outbound interface as long as the old route is still active. This means that even if the priority on route ID 2 were changed from 10 to 0, the session would remain in the session table and its traffic would continue to egress from port1, which is the interface associated with the initial route.

Discussion

17 comments
pcbbj Option: D
Jan 4, 2023

With snat-route-change disable, sessions using SNAT keep using the same outbound interface, as long as the old route is still active.

kocalin Option: D
Jan 11, 2023

D is correct - Study Guide, page 146

fnet007 Option: B
Aug 17, 2023

Took the test a few weeks ago, there is a variant on this question where the snat-route-change setting is enabled. So the answer would be B in that case.

javim
Sep 24, 2023

No, the answer would be C, the session is deleted and re-established.

TylerNSE Option: D
Mar 30, 2023

The same session remains with the original initial traffic interface. D is correct.

Agent1994 Option: D
May 1, 2023

D: snat-route-change is disabled. Ref: Enterprise_Firewall_7.0_Study_Guide-Online 147

certifi46 Option: D
May 10, 2023

With snat-route-change disable, sessions using SNAT keep using the same outbound interface, as long as the old route is still active

caleidoscopio Option: D
May 21, 2023

D is correct

Dayvey Option: D
May 22, 2023

With snat-route-change enable, it will perform the same action as non-NATed traffic, aka it will flag the session as dirty and re-establish. With snat-route-change disable it will stay on the current interface unless the interface has gone down.

Sanalthekken Option: D
May 27, 2023

With snat-route-change disable, sessions using SNAT keep using the same outbound interface, as long as the old route is still active.

cedigger Option: D
Jul 29, 2023

D is correct

lucient Option: D
Sep 28, 2023

"D" is correct. "When you disable snat-route-change, the behavior that occurs after a routing change is different for sessions using SNAT. Sessions using SNAT continue using the same outbound interface, as long as the old route is still active." Enterprise_Firewall_7.0_Study_Guide-Online.pdf - Page 146

fy64 Option: D
Sep 29, 2023

snat-route-change should be enabled in order to switch routing to port 2.

Malasxd Option: B
Oct 13, 2023

The session shows the traffic using interface 2 as outbound. I don't know why, but it is.

Malasxd
Oct 13, 2023

Sorry. The interface number shown in the session table is the interface index and not the interface number. I am not sure if the index 2 owns port2. We need to trust that it's not a prank and there's not a policy route matching this traffic. I change my answer to "D".

Ral89
Nov 8, 2023

How can we determine if snat-route-change is disabled or enabled by looking at this output?

J_Olin
May 7, 2024

It says 'disable' on the second line of the Configuration screenshot

adiaz_ Option: D
Nov 14, 2023

D is correct.

mikerss Option: D
Dec 12, 2023

D is correct. SNAT https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-SNAT-route-change-to-update-existing-NAT/ta-p/198439

    config system global
        set snat-route-change enable
    end

The option 'snat-route-change' can control what action the existing SNAT session needs to take after route change. By default, it is disabled. So after a routing change, sessions with SNAT keep using the same outbound interface, as long as the old route is still active. When 'snat-route-change' is enabled, after a routing change, routing information is flushed from existing SNAT sessions;.

cbu_ch Option: D
Feb 1, 2024

Same here, D.