Refer to the exhibit.
You have deployed a security fabric with three FortiGate devices as shown in the exhibit.
FGT_2 has the following configuration:
FGT_1 and FGT_3 are configured with the default setting.
Which statement is true for the synchronization of fabric-objects?
The configuration on FGT_2 with 'set fabric-object-unification local' indicates that objects will not be synchronized to or from FGT_2. Default setting means synchronization occurs between root FortiGate and downstream FortiGate devices. Since FGT_2's synchronization is set to local, it will not synchronize objects with any other device, not upstream to the root FortiGate nor downstream to FGT_3. Therefore, objects from the root FortiGate will not be synchronized to any downstream FortiGate.
Local means objects will not be synchronized to and from this device (CLI Reference Guide). So they will not by synced on FGT_2. My guess is D is correct
I am with Noidea
Noidea has the right idea...
https://docs.fortinet.com/document/fortigate/6.4.0/new-features/520820/improvements-to-synchronizing-objects-across-the-security-fabric-6-4-4
C is correct https://docs.fortinet.com/document/fortigate/6.4.0/administration-guide/880913/synchronizing- objects-across-the-security-fabric
Still C The fabric-object-unification setting on FGT_2 is set to local, which means that objects will not be synchronized to any other FortiGate devices in the security fabric. The default setting for fabric-object-unification is default, which means that objects will be synchronized from the root FortiGate to all downstream FortiGate devices. Since FGT_2 is not the root FortiGate and the fabric-object-unification setting is set to local, objects from the root FortiGate will not be synchronized to FGT_2.
local: Global CMDB objects will not be synchronized to and from this device. Since FGT-3 is connected FGT-2 and root hence objects will not be synchronized to FGT-3 as well. So I am going with C.
Exactly the same example. D is correct. https://docs.fortinet.com/document/fortigate/6.4.0/new-features/520820/improvements-to-synchronizing-objects-across-the-security-fabric-6-4-4
The root sends its global CMDB objects to FGTB-1, which has configuration-sync set to local, so FGTB-1 will not import objects sent by the root. However, FGTB-1 will still forward these messages downstream to FGTC, which has configuration-sync set to default, so FGTC will receive and synchronize the objects sent from the root FortiGate (FGTA-1).