An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device.
What can the administrator do to fix this problem?
When configuring a FortiGate HA cluster, if switches continue to send traffic to the former primary device after a failover, the administrator should configure 'set link-failed-signal enable' under 'config system ha' on both cluster members. This setting forces the primary device to shut down all interfaces except management and HA for a brief period, simulating a link failure and prompting the switches to update their MAC address table entries. This solution ensures the switches direct traffic to the new primary device.
The answer is A, Enterprise_Firewall_7.2_Study_Guide, page 98
Page 98 in the Study Guide: After a failover, the new primary broadcasts GARP patckets, notifying the network that each vMAC address is now reachable on a different port, however on some switch-models that might not be enough. To solve the issue that MAC-tables on switches are not updated after a failover, you should configure the following on a HA-cluster: config system ha set link-failed-signal enable end This will force the primary device to shut down all devices except mgmt and HA for one second, forcing the connected l2 devices to update their MAC-tables, as this simulates a link failure.
The answer is A, Study_Guide 7.2, page 98
A is correct
The answer is A
Should be A as per https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-FortiGate-HA-link-failed-signal-and/ta-p/198050
Answer A : p98
The answer is A, Study_Guide 7.2, page 98
A for sure
A for sure
A its correct