Podcast
Questions and Answers
Which settings can be configured when creating an SD-WAN zone using Device Manager on FortiManager?
Which settings can be configured when creating an SD-WAN zone using Device Manager on FortiManager?
- Name
- Interface Members
- service-sla-tie-break
- All of the above (correct)
What does the 'cfg-order' setting do in an SD-WAN zone configuration?
What does the 'cfg-order' setting do in an SD-WAN zone configuration?
- It configures the SLA tie-breaker
- It selects the member with the most specific route
- It determines the order of the member configuration (correct)
- It sets the priority of the zone
Which SD-WAN rule strategy does the 'service-sla-tie-break' setting not apply to?
Which SD-WAN rule strategy does the 'service-sla-tie-break' setting not apply to?
- Maximise Bandwidth SLA (correct)
- All SD-WAN rule strategies
- Load Balance SLA
- Optimize SLA
In FortiGate CLI configuration, what settings are not available for IPsec interfaces?
In FortiGate CLI configuration, what settings are not available for IPsec interfaces?
What is used as the tiebreaker for member selection in an SD-WAN zone configuration?
What is used as the tiebreaker for member selection in an SD-WAN zone configuration?
What can be found in the output of 'diagnose vpn tunnel list' in FortiOS 7.0?
What can be found in the output of 'diagnose vpn tunnel list' in FortiOS 7.0?
Which tool can be used to apply the SD-WAN configuration using FortiManager CLI templates and scripts?
Which tool can be used to apply the SD-WAN configuration using FortiManager CLI templates and scripts?
What is the purpose of knowing the corresponding SD-WAN FortiGate CLI settings?
What is the purpose of knowing the corresponding SD-WAN FortiGate CLI settings?
What is the default gateway for IPsec interfaces in FortiOS?
What is the default gateway for IPsec interfaces in FortiOS?
When does FortiGate use tunnel IDs to determine the next hop for IPsec traffic?
When does FortiGate use tunnel IDs to determine the next hop for IPsec traffic?
Which command can be used to display the SD-WAN settings with default values on the FortiGate CLI?
Which command can be used to display the SD-WAN settings with default values on the FortiGate CLI?
What does the command 'diagnose sys sdwan member' display?
What does the command 'diagnose sys sdwan member' display?
What information stands out in the output of 'diagnose sys sdwan member'?
What information stands out in the output of 'diagnose sys sdwan member'?
What does the configuration index number in 'diagnose sys sdwan member' match with?
What does the configuration index number in 'diagnose sys sdwan member' match with?
What does the output of 'diagnose sys sdwan member' display for members configured with automatic gateway detection?
What does the output of 'diagnose sys sdwan member' display for members configured with automatic gateway detection?
What does FortiGate use as a gateway for IPsec interface members in 'diagnose sys sdwan member'?
What does FortiGate use as a gateway for IPsec interface members in 'diagnose sys sdwan member'?
What does the weight setting in 'diagnose sys sdwan member' apply to?
What does the weight setting in 'diagnose sys sdwan member' apply to?
What does the command 'diagnose sys sdwan zone' display?
What does the command 'diagnose sys sdwan zone' display?
What information should match in 'diagnose sys sdwan zone' and 'diagnose netlink interface list'?
What information should match in 'diagnose sys sdwan zone' and 'diagnose netlink interface list'?
Starting with FortiOS 7.0, what does FortiGate use tunnel IDs for?
Starting with FortiOS 7.0, what does FortiGate use tunnel IDs for?
Study Notes
SD-WAN Zone Configuration
- When creating an SD-WAN zone using Device Manager on FortiManager, various settings can be configured.
- The 'cfg-order' setting determines the order in which members are selected in an SD-WAN zone.
SD-WAN Rule Strategy
- The 'service-sla-tie-break' setting does not apply to the 'best-quality' SD-WAN rule strategy.
FortiGate CLI Configuration
- In FortiGate CLI configuration, some settings are not available for IPsec interfaces, such as default gateway settings.
SD-WAN Zone Configuration Tiebreaker
- The 'service-sla' metric is used as the tiebreaker for member selection in an SD-WAN zone configuration.
Diagnose VPN Tunnel List
- The output of 'diagnose vpn tunnel list' in FortiOS 7.0 displays information about VPN tunnels.
SD-WAN Configuration Tool
- The FortiManager CLI can be used to apply SD-WAN configurations using templates and scripts.
Purpose of Knowing SD-WAN FortiGate CLI Settings
- Knowing the corresponding SD-WAN FortiGate CLI settings is necessary for configuring SD-WAN using CLI commands.
Default Gateway for IPsec Interfaces
- The default gateway for IPsec interfaces in FortiOS is the IP address of the VPN interface.
Tunnel IDs for IPsec Traffic
- FortiGate uses tunnel IDs to determine the next hop for IPsec traffic when the same VPN IP address is used for multiple tunnels.
Displaying SD-WAN Settings
- The command 'diagnose sys sdwan zone' can be used to display the SD-WAN settings with default values on the FortiGate CLI.
Diagnose Sys Sdwan Member Command
- The command 'diagnose sys sdwan member' displays information about SD-WAN members, including their configuration index numbers and weights.
- The configuration index number matches the SD-WAN zone configuration index number.
- For members configured with automatic gateway detection, the output displays the automatically detected gateway IP address.
- The weight setting applies to the priority of each member.
- FortiGate uses the gateway IP address of the IPsec interface members as the gateway.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
Test your knowledge on configuring SD-WAN zones using the FortiManager GUI. Learn about settings such as zone name, interface members, and service-sla-tie-break. Challenge yourself to understand how these settings impact SD-WAN rule strategies in FortiGate.
