You configured an address object on the root FortiGate in a Security Fabric. This object is not synchronized with a downstream device.
Which two reasons could be the cause? (Choose two.)
You configured an address object on the root FortiGate in a Security Fabric. This object is not synchronized with a downstream device.
Which two reasons could be the cause? (Choose two.)
If the address object on the root FortiGate has fabric-object set to disable, it will not be synchronized to the downstream FortiGate. Additionally, if the downstream FortiGate has configuration-sync set to local, it will avoid accepting synchronized configurations from the root FortiGate. These conditions would prevent the address object from being synchronized with the downstream device.
We agree on A being correct. I think the reason C is not correct is that they aren't saying ALL downstream FortiGates aren't synchronizing. They are referencing a single downstream device.
I change my answer to C & D. A. fabric-object-unification is a root configuration.
A fabric-object-unification is a root configuration. So, C & D
C & D are correct SG page 67
Sorry, The CORRECT is AC: If set fabric-object (Fabric synchronization option in the GUI) is disabled for firewall addresses and address groups on the root FortiGate, they will not be synchronized to downstream FortiGates https://docs.fortinet.com/document/fortigate/6.4.0/new-features/520820/improvements-to-synchronizing-objects-across-the-security-fabric-6-4-4
A is incorrect because fabric-object-unification is not a setting applicable to downstream FortiGates. B is incorrect because configuration-sync being enabled on the root FortiGate should facilitate, not prevent, synchronization. C is correct because if the address object on the root FortiGate has fabric-object set to disable, it will not be synchronized. D is correct because if the downstream FortiGate has configuration-sync set to local, it will not accept the synchronized configuration from the root FortiGate.
AD is the Correct. *fabric-object-unification* default: Global CMDB objects will be synchronized in Security Fabric. local: Global CMDB objects will not be synchronized to and from this device. *configuration-sync* default: Synchronize configuration for FortiAnalyzer, FortiSandbox, and Central Management to root node. local: Do not synchronize configuration with root node. https://docs.fortinet.com/document/fortigate/6.4.0/new-features/893434/synchronizing-objects-across-the-security-fabric
A & C are correct. B and D are wrong, as "configuration-sync" is "Synchronize configuration for IPAM, FortiAnalyzer, FortiSandbox, and Central Management with root node.", not object synchronisation. https://docs.fortinet.com/document/fortigate/7.4.4/cli-reference/
we discuss about an address object and a downstream without specify how many downstream there are .... , and for this reason "C" is correct. A -- OK C -- OK
fabric-object-unification is configured on the root fotigate, is not for the downstream fortigates therefore C, and D
Correct answer C, D
C and D are correct