nse8_812 Exam - Question 36

Question

Refer to the exhibit showing an SD-WAN configuration.

According to the exhibit, if an internal user pings 10.1.100.2 and 10.1.100.22 from subnet 172.16.205.0/24, which outgoing interfaces will be used?

Examice · Accepted Answer

Considering the SD-WAN configuration and the diagnostic output, port1 and port15 will be used for the following reasons: According to the SD-WAN member status, all interfaces (port1, dmz, port15, and port16) are alive and have SLAs met. For traffic from the 172.16.205.0/24 subnet, the SD-WAN rule specifies using the priority-members in the order 1, 2, 3, 4 with a tie-break set to fib-best-match. Therefore, port1 (gateway 172.16.200.2) will be used for the first destination IP (10.1.100.2) based on the priority order, and port15 (gateway 172.16.209.2) will be used for the second destination IP (10.1.100.22) based on the fib-best-match criterion from the static route.

Viewable8041 · Answer

Port 1 first because of the member order
Port 15 because of tie break option and member order

ama6 · Answer

A. port16 and port1

is correct for me 
the SD-WAN configuration has two rules: one for traffic to 10.1.100.0/24 subnet, and one for traffic to 10.1.100.16/28 subnet. The first rule uses the best quality strategy, which selects the SD-WAN member with the best measured quality based on performance SLA metrics.

node345 · Answer

Tested in a demo environment. D is correct.

JackieTYF · Answer

https://docs.fortinet.com/document/fortigate/7.2.8/administration-guide/686587/ecmp-support-for-the-longest-match-in-sd-wan-rule-matching

dspavvn · Answer

Port1 will be used for the ping to 10.1.100.2 based on the config order in the SDWAN and the sla status "alive".
Port15 will be used for ping to 10.1.100.22 because of the fib-best-match and the route being a /32 in the fib, plus the configuration order in the SDWAN rule being before port16.

nse8_812 Exam - Question 36

Discussion