Routing Flashcards

1
Q

(Routing Section) What is the default operation mode of FortiGate?

A

NAT mode: FTG operates as a Router.

2
Q

(Routing) What is local-out traffic routing?

A

Traffic generated by FTG, typically for management purposes (e.g. ping, downloading definitions).

3
Q

(Routing) What is Firewall traffic routing?

A

Also called user traffic, refers to traffic going through the Firewall.

4
Q

Does routing occur before security processes or after them?

A

Before

5
Q

What is the RIB?

A

Routing information base: standard routing table

6
Q

What is the FIB?

A

Forwarding Information base

7
Q

What does the FIB do?

A

Contains the information necessary to forward packets. It contains routes from the routing table as well as specific kernel entries.

8
Q

Can you view both the FIB and RIB on the FTG GUI?

A

No, just the RIB

9
Q

How many route lookups does FTG do for each session?

A

Two: one from the originator, the other from the responder. This information is populated into the session table. Subsequent packets are forwarded using the session table.

10
Q

What routing protocols does FTG support?

A

RIP, OSPF, BGP, IS-IS (CLI Only)

11
Q

What types of routes can you configure?

A

Policy
Internet Service

12
Q

Do ISDB routes take precedence over other routes?

A

Yes.

13
Q

How do you enable IPv6 Routing?

A

Turn it on in feature visibility

14
Q

When the stop policy routing action is used in a policy route, which behaviour is expected?

A

FortiGate routes the traffic based on the regular routing table.

15
Q

What is the default AD for connected routes?

A

0

16
Q

What is the default AD for Static SD-WAN routes?

A

1

17
Q

What is the default AD for Static DHCP routes?

A

5

18
Q

What is the default AD for Static manual routes?

A

10

19
Q

What is the default AD for Static IKE routes?

A

15

20
Q

What is the default AD for EBGP?

A

20

21
Q

What is the default AD for OSPF?

A

110

22
Q

What is the default AD for IS-IS?

A

115

23
Q

What is the default AD for RIP?

A

120

24
Q

What is the default AD for IBGP?

A

200

25
Q

What has to be the same for ECMP to install routes in the routing table?

A

Destination subnet, distance, metric, priority

26
Q

What is the default ECMP load balancing algorithm?

A

Source IP

27
Q

What is the SD-WAN route look-up order?

A

Regular policy routes
ISDB Routes
SD-WAN rules
FIB entries

28
Q

What is the difference between load-balance-mode and v4-ecmp-mode?

A

v4-ecmp-mode does not support the volume load balancing algorithm

29
Q

How does the volume algorithm work?

A

It tracks the cumulative number of bytes of each member and distributes sessions based on weight. The higher the weight, the higher the target volume of the interface.

30
Q

What does RPF stand for?

A

Reverse path forwarding

31
Q

What are the two RPF modes?

A

Feasible path (loose): the default mode.
Strict: verifies that the matching route is the best route in the routing table.

32
Q

How does a Strict RPF check fail?

A

It fails if the routing table contains a matching route for the source address and incoming interface, but there is a better route for the source address through another interface.

33
Q

How many probes does it take before FTG assumes a link is dead?

A

5 from each server

34
Q

What are the link health monitor protocols?

A

Ping, TCP or UDP echo request, TWAMP (both UDP and TCP), HTTP

35
Q

What is TWAMP?

A

Two-Way Active Measurement Protocol. FTG uses the client-side implementation.

36
Q

When using link health monitoring, which attribute do you configure to achieve route failover protection?

A

Distance

37
Q

How can you identify policy routes?

A

They have an ID less than 65535

38
Q

How can you identify ISDB routes?

A

They have an ID greater than 65535 and no vwl_service

39
Q

How can you identify an SD-WAN policy rule?

A

They have an ID greater than 55535 and a vwl_service present.