Mastering SD-WAN Overlay Design

Questions and Answers

Which type of tunnel is set to static and known in the IPsec configuration for the spoke?

• Static; dial-up client (correct)
• Dynamic; dial-up client
• Static; dial-up server
• Dynamic; dial-up server

What is the purpose of enabling the net-device setting in SD-WAN?

• To increase the number of overlays deployed
• To enhance security
• To support AD-VPN shortcuts (correct)
• To improve performance

What is the configuration of the phase2 in the spoke?

• Not mentioned in the text
• Depends on the overlay
• The same as in the hub (correct)
• Different from the hub

What is the encryption domain in the spoke configuration?

Open to all traffic (B)

What is the purpose of assigning an IP-address for the overlays in the spoke configuration?

To obtain an IP-address using IKE mode configuration (B)

Which port is the tunnel bound to in the spoke configuration?

port1 (A)

What is the purpose of allowing ping in the spoke configuration?

To monitor network performance (B)

How many overlays are usually deployed on the spokes?

A small number (D)

What zone are the two overlays placed in the SD-WAN configuration for the spokes?

Overlay zone (A)

What is the main focus of the IPsec configuration for the spoke in this lesson?

Settings specific to the spoke (B)

Which IP address is used to measure the health and performance of the overlays?

10.200.99.1 (C)

What is the purpose of the VPN performance SLA?

To determine the best quality member in the overlay zone (D)

What are the default values for the BGP timers?

Keep alive: 60 seconds, Hold: 180 seconds, Advertysement: 30 seconds (B)

What does reducing the advertysement interval in BGP configuration help with?

Speeding up routing convergence (A)

What does enabling link down failover feature in BGP configuration do?

Brings down peerings immediately after the interface they use comes down (D)

What are the default values for the IPsec DPD settings?

Retry count: 3, Retry interval: 20 seconds (C)

What is the purpose of overlay stickiness on the hub?

To prefer spoke-to-spoke traffic to stay within the same-ISP overlays (C)

What happens when the hub receives the first packet of a spoke-to-spoke connection?

It performs a route lookup to determine the best route (D)

What is the default time it takes for DPD to detect a dead gateway?

80 seconds (B)

How can the time to detect a dead gateway using DPD be reduced to 30 seconds?

By setting the retry count and retry interval to 2 and 10 respectively (C)

Which type of traffic does FortiGate prefer to keep within same-ISP overlays in AD-VPN?

Spoke-to-spoke traffic (B)

What is the purpose of configuring policy routes in FortiGate for AD-VPN?

To improve performance (C)

When are the policy routes used in FortiGate for AD-VPN?

Only if the FIB contains a route for the outgoing overlay (A)

What is overlay stickiness in AD-VPN?

A preference for keeping spoke-to-spoke traffic within same-ISP overlays (B)

What is the main reason for the suboptimal performance in AD-VPN?

Added latency introduced by the cross-ISP overlay path (A)

What does the FIB stand for in FortiGate for AD-VPN?

Forwarding Information Base (B)

What happens if the FIB does not contain a route for the outgoing overlay in FortiGate for AD-VPN?

The policy routes are skipped and traffic is forwarded based on the best route in the FIB (A)

What is the purpose of overlay stickiness in AD-VPN?

To prevent spokes from negotiating shortcuts over unreachable underlays (A)

What is the importance of overlay stickiness in AD-VPN?

It helps prevent spokes from trying to negotiate shortcuts over unreachable underlays (A)

What will you learn more about in this lesson?

AD-VPN and overlay stickiness (C)

Flashcards are hidden until you start studying