Mastering SD-WAN Zone Configuration with FortiManager GUI
20 Questions
1 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

Which settings can be configured when creating an SD-WAN zone using Device Manager on FortiManager?

  • Name
  • Interface Members
  • service-sla-tie-break
  • All of the above (correct)
  • What does the 'cfg-order' setting do in an SD-WAN zone configuration?

  • It configures the SLA tie-breaker
  • It selects the member with the most specific route
  • It determines the order of the member configuration (correct)
  • It sets the priority of the zone
  • Which SD-WAN rule strategy does the 'service-sla-tie-break' setting not apply to?

  • Maximise Bandwidth SLA (correct)
  • All SD-WAN rule strategies
  • Load Balance SLA
  • Optimize SLA
  • In FortiGate CLI configuration, what settings are not available for IPsec interfaces?

    <p>Gateway and gateway6</p> Signup and view all the answers

    What is used as the tiebreaker for member selection in an SD-WAN zone configuration?

    <p>fib-best-match</p> Signup and view all the answers

    What can be found in the output of 'diagnose vpn tunnel list' in FortiOS 7.0?

    <p>Tunnel ID</p> Signup and view all the answers

    Which tool can be used to apply the SD-WAN configuration using FortiManager CLI templates and scripts?

    <p>FortiGate CLI</p> Signup and view all the answers

    What is the purpose of knowing the corresponding SD-WAN FortiGate CLI settings?

    <p>To apply the configuration using FortiManager CLI templates and scripts</p> Signup and view all the answers

    What is the default gateway for IPsec interfaces in FortiOS?

    <p>The tunnel ID</p> Signup and view all the answers

    When does FortiGate use tunnel IDs to determine the next hop for IPsec traffic?

    <p>Starting with FortiOS 7.0</p> Signup and view all the answers

    Which command can be used to display the SD-WAN settings with default values on the FortiGate CLI?

    <p>show full-configuration system sdwan</p> Signup and view all the answers

    What does the command 'diagnose sys sdwan member' display?

    <p>The current settings of each member</p> Signup and view all the answers

    What information stands out in the output of 'diagnose sys sdwan member'?

    <p>Configuration index number, gateway, and weight</p> Signup and view all the answers

    What does the configuration index number in 'diagnose sys sdwan member' match with?

    <p>The member index under config member in config system sdwan</p> Signup and view all the answers

    What does the output of 'diagnose sys sdwan member' display for members configured with automatic gateway detection?

    <p>The gateway detected by FortiGate</p> Signup and view all the answers

    What does FortiGate use as a gateway for IPsec interface members in 'diagnose sys sdwan member'?

    <p>The tunnel ID</p> Signup and view all the answers

    What does the weight setting in 'diagnose sys sdwan member' apply to?

    <p>The volume-based load balancing algorithm</p> Signup and view all the answers

    What does the command 'diagnose sys sdwan zone' display?

    <p>The configured zones and their members</p> Signup and view all the answers

    What information should match in 'diagnose sys sdwan zone' and 'diagnose netlink interface list'?

    <p>The kernel interface index number of a member</p> Signup and view all the answers

    Starting with FortiOS 7.0, what does FortiGate use tunnel IDs for?

    <p>To determine the next hop for IPsec traffic</p> Signup and view all the answers

    Study Notes

    SD-WAN Zone Configuration

    • When creating an SD-WAN zone using Device Manager on FortiManager, various settings can be configured.
    • The 'cfg-order' setting determines the order in which members are selected in an SD-WAN zone.

    SD-WAN Rule Strategy

    • The 'service-sla-tie-break' setting does not apply to the 'best-quality' SD-WAN rule strategy.

    FortiGate CLI Configuration

    • In FortiGate CLI configuration, some settings are not available for IPsec interfaces, such as default gateway settings.

    SD-WAN Zone Configuration Tiebreaker

    • The 'service-sla' metric is used as the tiebreaker for member selection in an SD-WAN zone configuration.

    Diagnose VPN Tunnel List

    • The output of 'diagnose vpn tunnel list' in FortiOS 7.0 displays information about VPN tunnels.

    SD-WAN Configuration Tool

    • The FortiManager CLI can be used to apply SD-WAN configurations using templates and scripts.

    Purpose of Knowing SD-WAN FortiGate CLI Settings

    • Knowing the corresponding SD-WAN FortiGate CLI settings is necessary for configuring SD-WAN using CLI commands.

    Default Gateway for IPsec Interfaces

    • The default gateway for IPsec interfaces in FortiOS is the IP address of the VPN interface.

    Tunnel IDs for IPsec Traffic

    • FortiGate uses tunnel IDs to determine the next hop for IPsec traffic when the same VPN IP address is used for multiple tunnels.

    Displaying SD-WAN Settings

    • The command 'diagnose sys sdwan zone' can be used to display the SD-WAN settings with default values on the FortiGate CLI.

    Diagnose Sys Sdwan Member Command

    • The command 'diagnose sys sdwan member' displays information about SD-WAN members, including their configuration index numbers and weights.
    • The configuration index number matches the SD-WAN zone configuration index number.
    • For members configured with automatic gateway detection, the output displays the automatically detected gateway IP address.
    • The weight setting applies to the priority of each member.
    • FortiGate uses the gateway IP address of the IPsec interface members as the gateway.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Description

    Test your knowledge on configuring SD-WAN zones using the FortiManager GUI. Learn about settings such as zone name, interface members, and service-sla-tie-break. Challenge yourself to understand how these settings impact SD-WAN rule strategies in FortiGate.

    More Like This

    Fortinet Security Fabric
    22 questions

    Fortinet Security Fabric

    VisionarySugilite avatar
    VisionarySugilite
    Master SD-WAN
    40 questions

    Master SD-WAN

    VisionarySugilite avatar
    VisionarySugilite
    Fortinet's Azure Product Knowledge Quiz
    20 questions
    Use Quizgecko on...
    Browser
    Browser