An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device.
What can the administrator do to fix this problem?
To ensure that switches in the network clear their MAC tables and update them accordingly after a failover, enabling the link-failed-signal ensures that all interfaces, except the heartbeat and reserved management interfaces, shut down for a brief moment. This action simulates a link failure, prompting the network switches to clear these entries from their MAC tables, thereby fixing the issue where switches continue to send traffic to the former primary device.
Virtual MAC Address and Failover - The new primary broadcasts Gratuitous ARP packets to notify the network that each virtual MAC is now reachable through a different switch port. - Some high-end switches might not clear their MAC table correctly after a failover - Solution: Force former primary to shut down all its interfaces for one second when the failover happens (excluding heartbeat and reserved management interfaces): #Config system ha set link-failed-signal enable end - This simulates a link failure that clears the related entries from MAC table of the switches.
The answer is D
link-failed-signal - Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network.
study guide 7.2 page 98
does this valid to 7.2?
The answer is D
Study guide page 206
D is correct. This forces ports to flap so that the switch clears CAM table
D of course
D is correct, see page 206 of 7.0 study guide
D - is correct.