Refer to the exhibit.
The exhibit shows output of the command diagnose sys sdwan service collected on a FortiGate device.
The administrator wants to know through which interface FortiGate will steer the traffic from local users on subnet 10.0.1.0/255.255.255.192 and with a destination of the business application Salesforce located on HQ servers 10.0.0.1.
Based on the exhibits, which two statements are correct? (Choose two.)
Service rule 1 is configured for the Internet Service categories of Facebook and Twitter, so traffic destined for Salesforce will not match this rule. Since Salesforce is categorized under business applications, service rule 2 applies, which specifies port2. If the application of the flow is not recognized, traffic will default to service rule 3. Therefore, the correct steering will be as per rule 2 for recognized business applications like Salesforce, and as per rule 3 when the application cannot be recognized.
C & D Salesforce = Business category -> D is correct C is a general rule
It says "with a destination of the --> BUSINESS <-- application Salesforce". So, traffic will skip sdwan rule #1 because it's not Facebook nor Twitter. Then, Salesforce traffic will match sdwan rule #2 because it is "business" category traffic. And, if it can't identify the service, it will match sdwan rule #3. So, the correct answers are C and D.
Question is, would Salesforce traffic be recognized if it is to private servers?
I agree with your reasoning that's why I would go for option A and C considering the business runs on the private HQ servers and they are not available over the internet
A & C are correct
A. There is no service defined for the Salesforce application, so FortiGate will use the service rule 3 and steer the traffic through interface T_HQ1. C. When FortiGate cannot recognize the application of the flow it steers the traffic destined to server 10.0.0.1 according to service rule 3.
Salesforce = Business category
For application detection you can use applications from FortiGuard’s predefined application list, create groups with those applications, or use application categories. Application categories group application per purpose, for example business, game, social media. You can also combine application group with specific applications. Page 184 study guide
No. C and D are right.
The answer is C & D When you go under "View Application Signatures" Salesforce = Business category -> D is correct C is a general rule
A y C son correctas.
A & C are correct
A&C are correct
No. C and D are right.
C & D are correct. C is the dirst correct answer in this scenario. D is the second correct answer: Salesforce is indeed identified as a Business Category. Just check up your Application Control profile on your Fortigate and view entries, then search for Salesforce. Thus it will hit Rule (Service) 2. As we all know; SD-WAN rules are handled the same way as Firewall Policies, from top to bottom. Thus D is correct.
Forgot to mark answers. See my other comment below.
CD for sure.
A is wrong because Salesforce is part of the business category B is wrong because rule 1 doesnt cover salesforce therefore C & D are correct
C&D I originally thought A and C but after looking at it this question is very misleading. Answer D is not saying that the specific server traffic is going to use port2, it is saying Salesforce traffic will use it. Since Salesforce is in the business category, A becomes invalid and D becomes true.