Exam nse7_sdw-72
Question 17

Refer to the exhibit.

An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over T_INET_0. However, the traffic is routed over T_INET_1.

Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.)

    Correct Answer: B, D

    The observed behavior that causes traffic to be routed over T_INET_1 instead of T_INET_0 can be justified for two reasons. Firstly, there might be a regular policy route configured that specifically directs traffic to T_INET_1, overriding the expected SD-WAN rule matching T_INET_0. Secondly, the routing table output does not show a valid route for T_INET_0 to reach the 10.0.0.0/8 network, which means that T_INET_0 cannot be used to route traffic to that destination. Therefore, the traffic defaults to T_INET_1.

Discussion
truserud Options: AD

A&D must be the correct answers based on the exhibit: A because that is an actual fact with regard to the router info output; D because T_INET_0 is not listed in the routing info output, and there are no places in the exhibit showing anything related to policy-based routing.

ee0808 Options: BD

Changed my mind on this one... Right answer is B & D.
A is wrong - a lower priority route for T_INET_0 would have been visible in the routing-table exhibit.
B is correct - traffic could match a policy route (even if not shown in exhibit though) with T_INET_1 as outgoing interface.
C is wrong for several reasons.
D is correct - routing-table exhibit shows no route for T_INET_0, T_INET_0 is therefore not considered.

D3n1s

If D is correct, how will you see the prefix in the routing table, this is against the SDWAN rules? If you select D it is absolutely natural to select A.

jayessarre Options: AD

A and D - no valid route

Kippie036 Options: BD

These are the correct answers, just passed the exam with a 100% score.

Kippie036 Options: BD

It is B and D, just passed the exam with a 100% score so must be B and D on the exam.

sugar12 Options: AD

B - Wrong. There are no PBR details anywhere, while there is a static route to T_INET_1 and definitely SDWAN rules. PBR is an assumption.
C - Wrong. The member configuration priority refers to which interface is added first in the rule, and as you see the first one at the top of service(1) is T_INET_0; therefore that option is wrong, as INET_1 has lower member configuration priority than INET_0 as it is added later.

ipv84 Options: BD

I think too... right answers are B & D.

ee0808 Options: AD

AD. No mention of policy routes in exhibits. No valid route through T_INET_0 in exhibits.

ad7eddd Options: BD

BD correct

Alkaa Options: BD

B and D is the best answer. In fact, priority is not used in SD-WAN rules, just in the implicit SD-WAN rule.

sugar12 Options: AD

D - Correct. We see only a static route to T-INET_1, so there is no valid route to INET_0; therefore this is correct.
A - Correct. If you have a FortiGate, go to SDWAN -> SDWAN ZONES -> click a zone you configured and check which interfaces you added in that zone. If you click any interface you will see the option to specify "priority". Go to the exclamation mark and see what it says. The lower the value, the higher the route priority. T_INET_1 has priority 1 while T_INET_0 has priority 10, therefore T-INET_1 has a higher route priority as it has a lower value. Therefore C & B are wrong.

stbb

A is not correct. Priority is only used for the implicit rule which is not the case in this question.

lucient Options: BD

After reading this question again and again, I've found this: the command get router info routing-table all uses "grep T_INET_". So, grep should list entries for T_INET_0 and T_INET_1. However, there is only one entry, for T_INET_1. This means:
A) Wrong. Even if it matched sdwan rule 1, the only valid member is 2: T_INET_1.
B) Can be right. A regular policy with T_INET_1 would work because there is a route in the routing table.
C) Wrong. Same as "A".
D) It's 100% right. T_INET_0 does not have a valid route.

lucient Options: BD

"A" can't be right. Page 197: "Do not confuse the member configuration priority with the Priority setting available on the SD-WAN member configuration. The latter is used for the priority of static routes for members when you configure static routes for zones. The former refers to the member priority based on the Interface Preference list configuration. Members that are configured first in the list have higher priority over those configured last. The Priority setting is used as a tiebreaker for ECMP routes when matching the implicit SD-WAN rule." Priority SETTING is not relevant in this case because there is no static route for zone, so there is NO ECMP. There is only one route to 10.0.0.0/8 pointing to T_INET_1.
"B" is a possible reason even if there is no exhibit. Policy routes come before ISDB rules and SDWAN rules. If there is a policy route pointing to T_INET_1 it has precedence over sdwan rules. And will work because there is a valid route through T_INET_1.

lucient

"C" can't be right. Page 87: "cfg-order instructs FortiGate to use the member configuration order as the tiebreaker for the selected member. That is, members that are configured first, have higher priority." There is no tie because there is NO route through T_INET_0. So, even when the tie break is "cfg", member configuration priority is not relevant.
"D" is right. There is no route to 10.0.0.0/8 pointing to T_INET_0.

nse_student Options: BD

Priority not used for this purpose.

83e48be Options: AD

AD is correct

83e48be

If I try to put in the explanation it gives a cloudflare error. Really short version:
D, route does not exist on T_INET_0
A, 1 lower prio over 0, yes, but only implicit rule
B, could be, but nothing showing PBR
On exam pick A+D

83e48be

This is a bad question/example. We don't know the source besides "branch1_fgt", which has no reference to a subnet. We have to assume this is source 10.0.1.0/24. Info regarding PBR and other SDWAN config is missing as well. T_INET_1 has a lower route priority value (higher priority) than T_INET_0. This is technically true and this answer could be correct if the traffic would not match the SDWAN rule. We have to assume no other rules would match and it would hit the implicit ruleset. The implicit ruleset uses the FIB to determine the outgoing interface. Now the route in the FIB with lowest priority will get selected. Answer A could be correct, we are missing some relevant info.

83e48be

Because there is no output shown regarding PBR it is not known if PBR could interfere. PBR is performed before SDWAN so anything in SDWAN becomes irrelevant. Answer B could be correct, we are missing relevant info.
Route priority difference has no impact on the route added to the active routing table. (Distance and weight will and only the best one will be added) Both T_INET_0 and T_INET_1 should show in the output. In this output only T_INET_1 is shown as a valid destination for 10.0.0.0/8. SDWAN members don't have a specific subnet as destination, rather 0.0.0.0/0. The presence of a more specific subnet implies the use of additional config beyond what is shown. Ex. set default / set gateway, static route etc. Because T_INET_0 is not mentioned at all, all we know is there is no valid route to 10.0.0.0/8. Answer D is correct.

83e48be

The only one we can safely count as wrong is C. There is nothing in the SDWAN rule that leads to T_INET_1 preferred over T_INET_0. Once again....poor question/example. On an actual exam my best bet would be A+D. There is nothing shown about PBR, thus would be the least valid answer. At least A has some relevance...

83e48be

Here, if examtopics won't allow a long comment I will just cut it into smaller sections =D

KavinT Options: AB

A & B are correct.

D3n1s

PBRs are not visible with the command from the exhibit.