A customer has implemented GWLB between the partner and application VPCs. FortiGate appliances are deployed in the partner VPC with multiple AZs to inspect traffic transparently.
Which two things will happen to application traffic based on the GWLB deployment? (Choose two.)
When using Gateway Load Balancer (GWLB) for traffic inspection with FortiGate appliances, inbound and outbound traffic must go to the same device to enable stateful processing. This ensures that the firewall can properly track and manage the connection states. Additionally, the content of the original traffic exchanged between the GWLB and FortiGate will be preserved, leveraging encapsulation methods such as GENEVE to maintain traffic integrity.
GWLB ensures that traffic flows are sent to the same appliance to maintain stateful processing. This is critical for the functioning of stateful firewalls like FortiGate, which need to keep track of the state of connections to inspect traffic effectively. GLB and the virtual appliances exchange application traffic with other using GENEVE, which allows GWLB to preserve the content of the original traffic.
B,C should be correct
Inbound and outbound traffic will go to the same device, which will perform stateful processing: The Gateway Load Balancer (GWLB) in AWS ensures that traffic is forwarded to the same FortiGate device for stateful inspection. This ensures that the session remains intact during the processing. The content of the original traffic exchanged between the GWLB and FortiGate will be preserved: The GWLB uses the Generic Network Virtualization Encapsulation (GENEVE) protocol, which preserves the original traffic content during its transmission to and from the FortiGate device for inspection. These references confirm that GWLB ensures stateful traffic processing and preserves the content of the original traffic when exchanged between the GWLB and FortiGate appliances.
Answer should be Answer : A, B
Study guide pages 147 and 150.
Options A and D are incorrect: A: Suggesting that inbound and outbound traffic will go to multiple devices would break stateful processing. Instead, GWLB ensures that both directions of a flow end up at the same appliance. D: GWLB does not hash the original traffic content for data integrity. It uses flow-based hashing to ensure symmetrical routing, but the packet content itself remains intact and is not hashed for integrity checks in this manner.