Examice

Exam nse7_sdw-72 All QuestionsBrowse all questions from this exam

Question 10

Refer to the exhibits.

Exhibit A.

Exhibit B.

An administrator is testing application steering in SD-WAN. Before generating test traffic, the administrator collected the information shown in exhibit A.

After generating GoToMeeting test traffic, the administrator examined the respective traffic log on FortiAnalyzer, which is shown in exhibit B. The administrator noticed that the traffic matched the implicit SD-WAN rule, but they expected the traffic to match rule ID 1.

Which two reasons explain why some log messages show that the traffic matched the implicit SD-WAN rule? (Choose two.)

Port1 and port2 do not have a valid route to the destination.

The session 3-tuple did not match any of the existing entries in the ISDB application cache.

Full SSL inspection is not enabled on the matching firewall policy.

FortiGate did not refresh the routing information on the session after the application was detected.

Correct Answer: B, D

One reason could be that the session 3-tuple, which includes the source IP, destination IP, and port number, did not match any existing entries in the Internet Service Database (ISDB) application cache. This means the traffic is not correctly identified by the application steering rule and defaults to the implicit SD-WAN rule. Another reason is that the FortiGate did not refresh the routing information on the session after the application was detected. By default, sessions subject to Source Network Address Translation (SNAT) are not re-evaluated after an application is identified. Because of this, the traffic continues to match the implicit rule rather than being re-mapped to the intended rule ID 1.

Discussion

lucientOptions: BD

B: There is no 3-tuple with IP 23.212.248.205 D: Page 156 of the study guide. "By default, SNAT sessions are not flagged as dirty following a routing change that impacts the session". So, the first routing match is the default sd wan rule. After identifying the app, the match is now rule ID 1. However, because there is SNAT to the Internet, the session is not marked as "dirty". It is not re-evaluated and traffic keeps going through port2.

romartinedgOptions: BD

B, D | Guía 7.2 pág. 192

Lomik29Option: D

D is correct when the session is subject to SNAT (by default, guide page 191)

alejandrofern43Options: BD

B (pag 191 study_guide 7.2) D descarte

KavinTOptions: BD

B & D are correct

ac89l

why D is correct ?

IBB90704Options: BD

B y D correctas