Application Steering with SD-WAN and FortiGate Quiz

Play an AI-generated podcast conversation about this lesson

Which of the following triggers a session re-evaluation on the next packet?

Firewall policy lookup
Application detection
Dirty flag (correct)
Route lookup

What does FortiGate do if the application is not detected on a packet?

Drops the packet
Sends the packet to IPS for application detection (correct)
Stores the packet in the cache
Forwards the packet without further inspection

How many entries can the ISDB application cache contain?

256 entries
512 entries (correct)
2048 entries
1024 entries

What happens to old entries in the ISDB application cache when it is full?

They are deleted to make space for new entries (A) Signup and view all the answers

What does the 'app' field indicate on the SD-WAN session?

Application ID (C) Signup and view all the answers

What does the 'rpdb_svc_id' field indicate on the SD-WAN session?

ISDB application ID (A) Signup and view all the answers

When can a session initially match the wrong rule and member?

When the session 3-tuple doesn't have an entry in the ISDB application cache (D) Signup and view all the answers

What happens to subsequent sessions with the same 3-tuple after the application is learned?

They are routed to the expected member (A) Signup and view all the answers

What happens to the routing information of a session subject to S-NAT after the application is detected?

It is preserved (C) Signup and view all the answers

What is the purpose of running 'diagnose sys sdwan internet-service-app-ctrl-list' on the FortiGate CLI?

To view the ISDB application cache entries (D) Signup and view all the answers

Which of the following is true about the application learning phase in FortiGate?

FortiGate must identify the application before it can match the right rule. (A) Signup and view all the answers

What does the ISDB application cache in FortiGate map?

Destination IP, protocol, and destination port to an application and an SD-WAN rule. (B) Signup and view all the answers

When does FortiGate add a session 3-tuple to the ISDB application cache?

After the application is detected and the session 3-tuple doesn't match an entry in the cache. (C) Signup and view all the answers

What happens when a packet matches an entry in the ISDB application cache in FortiGate?

FortiGate routes the packet based on the matching SD-WAN rule and performs a firewall policy lookup. (C) Signup and view all the answers

What does FortiGate do if the 3-tuple on a packet doesn't match an entry in the ISDB application cache?

FortiGate performs route and firewall policy lookups for the packet. (C) Signup and view all the answers

What does FortiGate do after the firewall policy lookup for a packet?

FortiGate must identify the application using the IPS engine. (C) Signup and view all the answers

What does it mean when a session is flagged as dirty in FortiGate?

S-NAT conditions apply to the session. (B) Signup and view all the answers

How many applications can be mapped to a single 3-tuple in the ISDB application cache?

One (B) Signup and view all the answers

What does FortiGate do when it receives the first packet of a session?

Checks if the 3-tuple on the packet matches an entry in the ISDB application cache. (B) Signup and view all the answers

What is the purpose of the application learning phase in FortiGate?

To identify the application on the traffic before matching the right rule. (A) Signup and view all the answers