Routing Flashcards
(Routing Section) What is the default operation mode of ForitGate?
NAT mode: FTG operates as a Router.
(Routing) What is local-out traffic routing?
Traffic generated by FTG, typically for management purposes. (i.e. ping, downloading definitions)
(Routing) What is Firewall traffic routing?
Also called user traffic, refers to traffic going through the Firewall.
Does Routing occur before security process or after them?
Before
What is RIB
Routing information base: standard routing table
What is FIB
Forwarding Information base
What does the FIB do?
Contains info necessary to forward packets. It contains routes from the routing table as well as specific Kernel entries.
Can you view both the FIB and RIB on the FTG GUI?
No, just the RIB
How many route lookups does FTG do for each session?
Two, one form the originator, the other from the responder, this information is populated into session table. Subsequent packets are forwarded using the session table.
What routing protocols does FTG support?
RIP, OSPF, BGP, IS-IS (CLI Only)
What types of routes can you configure?
Policy
Internet Service
Do ISDB routes take precedence over other route
Yes.
How do you enable IPv6 Routing?
Turn it on in feature visibility
When the stop policy routing action is used in a policy route, which behaviour is expected
Fortigate routes the traffic based on the regular routing tale
What is the default AD for connected routes?
0
What is the default AD for Static SD-WAN routes
1
What is the default AD for Static DHCP routes?
5
What is the default AD for Static manual routes
10
What is the default AD for Static IKE routes
15
What is the default AD for EBGP
20
What is the default AD for OSPF
110
What is the default AD for IS-IS
115
What is the default AD for RIP
120
What is the default AD for IBGP
200
What has to be the same for ECMP to install routes in the routing table?
Destination subnet, distance, metric, priority
What is the default ECMP load balancing algorithms?
Source IP
What is the SD-WAN route look-up order?
Reg policy routes
ISDB Routes
SD-WAN rules
FIB entries
What is the difference between load-balance-mode and v4-ecmp-mode?
v4-ecmp-mode does not support the volume load balancing algorithm
How does the volume algorithm work?
it tracks the cumulative number of bytes of the member and to distribute sessions based weight. The higher the weight the higher the target volume of the interface.
What does RPF stand for?
Reverse path forwarding
What are the two RPF modes?
Feasible path (loose) default mode
Strict: verifies that the matching route is the best route in the routing table.
How does a Strict RPF check fail?
It failed if the routing table contained a matching route for the source add and incoming int, but there is a better route for the source add through another interface,.
How many probes does it take before FTG assumes a link is dead?
5 from each server
What are the link Health Monitor Protocols?
Ping, TCP or UDP echo request, TWAMP (both UDP and TCP) , HTTP
What is TWAMP
Two-way active measurement protocol. FTG uses client-side implementation.
When using link health monitoring, which attribute do you configure to achieve route failover protection?
Distance
How can you identify policy routes?
They have an ID less than 65535
How can you identify ISDB routes
They have an ID greater than 65535 and no vwl_service
How can you identify SD-WAN policy rule?
The have an ID greater than 55535 and a vwl_service present.
