Refer to the exhibit.
Based on the output, which two conclusions are true? (Choose two.)
A. There is more than one SD-WAN rule configured.
B. The SD-WAN rules take precedence over regular policy routes.
C. The all_rules rule represents the implicit SD-WAN rule.
D. Entry 1(id=1) is a regular policy route.
Which diagnostic command can you use to show the SD-WAN rules, interface information, and state?
diagnose sys sdwan service
diagnose sys sdwan route-tag-list
diagnose sys sdwan member
A. diagnose sys sdwan neighbor
Refer to the exhibit.
An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over T_INET_0_0. However, the traffic is routed over T_INET_1_0. Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.)
A. The traffic matches a regular policy route configured with T_INET_1_0 as the outgoing device.
B. T_INET_1_0 has a lower route priority value (higher priority) than T_INET_0_0.
C. T_INET_0_0 does not have a valid route to the destination.
D. T_INET_1_0 has a higher member configuration priority than T_INET_0_0.
Refer to the exhibits.
Exhibit A shows the configuration for an SD-WAN rule and exhibit B shows the respective rule status, the routing table, and the member status.
The administrator wants to understand the expected behavior for traffic matching the SDWAN rule.
Based on the exhibits, what can the administrator expect for traffic matching the SD-WAN rule?
A. The traffic will be load balanced across all three overlays.
B. The traffic will be routed over T_INET_0_0.
C. The traffic will be routed over T_MPLS_0.
D. The traffic will be routed over T_INET_1_0.
Refer to the exhibits.
Exhibit A shows the source NAT (SNAT) global setting and exhibit B shows the routing table on FortiGate. Based on the exhibits, which two actions does FortiGate perform on existing sessions established over port2, if the administrator increases the static route priority on port2 to 20? (Choose two.)
A. FortiGate flags the sessions as dirty.
B. FortiGate continues routing the sessions with no SNAT, over port2.
C. FortiGate performs a route lookup for the original traffic only.
D. FortiGate updates the gateway information of the sessions with SNAT so that they use port1 instead of port2.
Refer to the exhibit.
The device exchanges routes using IBGP. Which two statements are correct about the IBGP configuration and routing information on
the device? (Choose two.)
A. Each BGP route is three hops away from the destination.
B. ibgp-multipath is disabled.
C. Additional-path is enabled.
D. You can run the get router info routing-table database command to display the additional paths.
What are two reasons for using FortiManager to organize and manage the network for a group of FortiGate devices? (Choose two.)
A. It simplifies the deployment and administration of SD-WAN on managed FortiGate devices.
B. It improves SD-WAN performance on the managed FortiGate devices.
C. It sends probe signals as health checks to the beacon servers on behalf of FortiGate.
D. It acts as a policy compliance entity to review all managed FortiGate devices.
E. It reduces WAN usage on FortiGate devices by acting as a local FortiGuard server.
Which action fortigate performs on the traffic that is subject to a per-IP traffic shaper of 10Mbps?
A. FortiGate applies traffic shaping to the original traffic direction only.
B. FortiGate shares 10 Mbps of bandwidth equally among all source IP addresses. RIAS
C. Fortigate limits each source ip address to a maximum bandwidth of 10 Mbps.
D. FortiGate guarantees a minimum of 10 Mbps of bandwidth to each source IP address.
What is a benefit of using application steering in SD-WAN?
A. The traffic always skips the regular policy routes.
B. You steer traffic based on the detected application.
C. You do not need to enable SSL inspection.
D. You do not need to configure firewall policies that accept the SD-WAN traffic.
Refer to the exhibit, which shows the IPsec phase 1 configuration of a spoke.
What must you configure on the IPsec phase 1 configuration for ADVPN to work with SDWAN?
A. You must set ike-version to 1.
B. You must enable net-device.
C. You must enable auto-discovery-sender.
D. You must disable idle-timeout.