CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. Fortinet
  5. NSE7_SDW-7.0

Free NSE7_SDW-7.0 Exam Braindumps (page: 4)

Page 3 of 18
PDF with 70 Questions

Which CLI command do you use to perform real-time troubleshooting for ADVPN negotiation?

  1. get router info routing-table all
  2. diagnose debug application ike
  3. diagnose vpn tunnel list
  4. get ipsec tunnel list

Answer(s): B

Explanation:

IKE real-time debug - useful when debugging ADVPN shortcut messages and spoke-to-spoke negotiations.
· diagnose debug console timestamp enable
· diagnose vpn ike log filter clear
· diagnose vpn ike log filter mdst-addr4 <ip.of.hub> <ip.of.spoke> · diagnose debug application ike -1
· diagnose debug enable



Refer to the exhibits.



Exhibit B ­



Exhibit A shows the system interface with the static routes and exhibit B shows the firewall policies on the managed FortiGate.
Based on the FortiGate configuration shown in the exhibits, what issue might you encounter when creating an SD-WAN zone for port1 and port2?

  1. port1 is assigned a manual IP address.
  2. port1 is referenced in a firewall policy.
  3. port2 is referenced in a static route.
  4. port1 and port2 are not administratively down.

Answer(s): B



Which two statements are correct when traffic matches the implicit SD-WAN rule? (Choose two.)

  1. The sdwan_service_id flag in the session information is 0.
  2. All SD-WAN rules have the default setting enabled.
  3. Traffic does not match any of the entries in the policy route table.
  4. Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.

Answer(s): A,C

Explanation:

sdwan_service_id is 0 = match SD-WAN implicit rule, study guide 7.0 page 120, 7.2 page 149 SD-WAN rules internally are interpreted as a Policy route, so when the traffic doesn't match with any policy route, it will be flowing by implict policy.



Refer to the exhibit.



An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1

and be routed over T_INET_0_0. However, the traffic is routed over T_INET_1_0. Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.)

  1. The traffic matches a regular policy route configured with T_INET_1_0 as the outgoing device.
  2. T_INET_1_0 has a lower route priority value (higher priority) than T_INET_0_0.
  3. T_INET_0_0 does not have a valid route to the destination.
  4. T_INET_1_0 has a higher member configuration priority than T_INET_0_0.

Answer(s): A,C

Explanation:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Assigning-Priority-to-SD-WAN-Members- for-Default/ta-p/230911






Post your Comments and Discuss Fortinet NSE7_SDW-7.0 exam with other Community members:

NSE7_SDW-7.0 Discussions & Posts