Application Steering with SD-WAN and FortiGate Quiz
20 Questions

Questions and Answers

Which of the following triggers a session re-evaluation on the next packet?

  • Firewall policy lookup
  • Application detection
  • Dirty flag (correct)
  • Route lookup

What does FortiGate do if the application is not detected on a packet?

  • Drops the packet
  • Sends the packet to IPS for application detection (correct)
  • Stores the packet in the cache
  • Forwards the packet without further inspection

How many entries can the ISDB application cache contain?

  • 256 entries
  • 512 entries (correct)
  • 2048 entries
  • 1024 entries

What happens to old entries in the ISDB application cache when it is full?

  • They are deleted to make space for new entries

What does the 'app' field indicate on the SD-WAN session?

  • Application ID

What does the 'rpdb_svc_id' field indicate on the SD-WAN session?

  • ISDB application ID

When can a session initially match the wrong rule and member?

  • When the session 3-tuple doesn't have an entry in the ISDB application cache

What happens to subsequent sessions with the same 3-tuple after the application is learned?

  • They are routed to the expected member

What happens to the routing information of a session subject to S-NAT after the application is detected?

  • It is preserved

What is the purpose of running 'diagnose sys sdwan internet-service-app-ctrl-list' on the FortiGate CLI?

  • To view the ISDB application cache entries

Which of the following is true about the application learning phase in FortiGate?

  • FortiGate must identify the application before it can match the right rule.

What does the ISDB application cache in FortiGate map?

  • Destination IP, protocol, and destination port to an application and an SD-WAN rule.

When does FortiGate add a session 3-tuple to the ISDB application cache?

  • After the application is detected and the session 3-tuple doesn't match an entry in the cache.

What happens when a packet matches an entry in the ISDB application cache in FortiGate?

  • FortiGate routes the packet based on the matching SD-WAN rule and performs a firewall policy lookup.

What does FortiGate do if the 3-tuple on a packet doesn't match an entry in the ISDB application cache?

  • FortiGate performs route and firewall policy lookups for the packet.

What does FortiGate do after the firewall policy lookup for a packet?

  • FortiGate must identify the application using the IPS engine.

What does it mean when a session is flagged as dirty in FortiGate?

  • S-NAT conditions apply to the session.

How many applications can be mapped to a single 3-tuple in the ISDB application cache?

  • One

What does FortiGate do when it receives the first packet of a session?

  • Checks if the 3-tuple on the packet matches an entry in the ISDB application cache.

What is the purpose of the application learning phase in FortiGate?

  • To identify the application on the traffic before matching the right rule.
