Routing

Question 1

(Routing Section) What is the default operation mode of ForitGate?

Answer 1

NAT mode: FTG operates as a Router.

Question 2

(Routing) What is local-out traffic routing?

Answer 2

Traffic generated by FTG, typically for management purposes. (i.e. ping, downloading definitions)

Question 3

(Routing) What is Firewall traffic routing?

Answer 3

Also called user traffic, refers to traffic going through the Firewall.

Question 4

Does Routing occur before security process or after them?

Answer 4

Before

Question 5

What is RIB

Answer 5

Routing information base: standard routing table

Question 6

What is FIB

Answer 6

Forwarding Information base

Question 7

What does the FIB do?

Answer 7

Contains info necessary to forward packets. It contains routes from the routing table as well as specific Kernel entries.

Question 8

Can you view both the FIB and RIB on the FTG GUI?

Answer 8

No, just the RIB

Question 9

How many route lookups does FTG do for each session?

Answer 9

Two, one form the originator, the other from the responder, this information is populated into session table. Subsequent packets are forwarded using the session table.

Question 10

What routing protocols does FTG support?

Answer 10

RIP, OSPF, BGP, IS-IS (CLI Only)

Question 11

What types of routes can you configure?

Answer 11

Policy
Internet Service

Question 12

Do ISDB routes take precedence over other route

Answer 12

Yes.

Question 13

How do you enable IPv6 Routing?

Answer 13

Turn it on in feature visibility

Question 14

When the stop policy routing action is used in a policy route, which behaviour is expected

Answer 14

Fortigate routes the traffic based on the regular routing tale

Question 15

What is the default AD for connected routes?

Answer 15

0

Question 16

What is the default AD for Static SD-WAN routes

Answer 16

1

Question 17

What is the default AD for Static DHCP routes?

Answer 17

5

Question 18

What is the default AD for Static manual routes

Answer 18

10

Question 19

What is the default AD for Static IKE routes

Answer 19

15

Question 20

What is the default AD for EBGP

Answer 20

20

Question 21

What is the default AD for OSPF

Answer 21

110

Question 22

What is the default AD for IS-IS

Answer 22

115

Question 23

What is the default AD for RIP

Answer 23

120

Question 24

What is the default AD for IBGP

Answer 24

200

Question 25

What has to be the same for ECMP to install routes in the routing table?

Answer 25

Destination subnet, distance, metric, priority

Question 26

What is the default ECMP load balancing algorithms?

Answer 26

Source IP

Question 27

What is the SD-WAN route look-up order?

Answer 27

Reg policy routes
ISDB Routes
SD-WAN rules
FIB entries

Question 28

What is the difference between load-balance-mode and v4-ecmp-mode?

Answer 28

v4-ecmp-mode does not support the volume load balancing algorithm

Question 29

How does the volume algorithm work?

Answer 29

it tracks the cumulative number of bytes of the member and to distribute sessions based weight. The higher the weight the higher the target volume of the interface.

Question 30

What does RPF stand for?

Answer 30

Reverse path forwarding

Question 31

What are the two RPF modes?

Answer 31

Feasible path (loose) default mode
Strict: verifies that the matching route is the best route in the routing table.

Question 32

How does a Strict RPF check fail?

Answer 32

It failed if the routing table contained a matching route for the source add and incoming int, but there is a better route for the source add through another interface,.

Question 33

How many probes does it take before FTG assumes a link is dead?

Answer 33

5 from each server

Question 34

What are the link Health Monitor Protocols?

Answer 34

Ping, TCP or UDP echo request, TWAMP (both UDP and TCP) , HTTP

Question 35

What is TWAMP

Answer 35

Two-way active measurement protocol. FTG uses client-side implementation.

Question 36

When using link health monitoring, which attribute do you configure to achieve route failover protection?

Answer 36

Distance

Question 37

How can you identify policy routes?

Answer 37

They have an ID less than 65535

Question 38

How can you identify ISDB routes

Answer 38

They have an ID greater than 65535 and no vwl_service

Question 39

How can you identify SD-WAN policy rule?

Answer 39

The have an ID greater than 55535 and a vwl_service present.