Routing Changes without Source NAT (S-NAT)

Questions and Answers

Which command can be used to configure session route persistence at the interface level?

config system global set session-persistence

config system interface set snat-route-change (correct)

config system global set snat-route-change

config system interface set session-persistence

What is the default value for session route persistence at the interface level?

enable

config system global set snat-route-change

disable (correct)

config system interface set snat-route-change

What happens to sessions passing through an interface when session route persistence is enabled?

They continue to pass without being affected by routing changes (correct)

They are terminated

They are affected by routing changes

They are rerouted to a different interface

What is the default setting for the 'snat-route-change' option when S-NAT is applied?

disable

What happens to sessions with S-NAT when 'snat-route-change' is disabled and a route changes?

They use the same outbound interface as long as the old route is still active

What happens to existing sessions with S-NAT when 'snat-route-change' is disabled and the priority of an interface is increased?

They continue to use the original route until they expire

What is the primary route for internet traffic when both ISP connections are up?

port1

What happens to new sessions when the priority of 'port1' is increased and 'snat-route-change' is disabled?

They start using 'port2'

What happens to existing sessions when the priority of 'port1' is increased and 'snat-route-change' is disabled?

They continue to use 'port1'

What is the default route for FortiGate?

port1

Which action is taken by FortiGate after a routing change when source NAT is not applied?

All of the above

What happens to the gateways and interfaces in a session after a routing change without source NAT?

They are set to 0.0.0.0/0 and 0

What does the 'preserve-session-route' configuration option on the CLI control?

The behavior of routing changes without source NAT

What is the default setting for the 'preserve-session-route' configuration option?

Disable

What happens when the 'preserve-session-route' configuration option is set to 'disable'?

FortiGate flushes all routing information from the session table after a route change

What does FortiGate do after a routing change when source NAT is not applied?

All of the above

What does the 'dirty' flag indicate in a session after a routing change without source NAT?

The session is affected by the routing change

What does the 'preserve-session-route' configuration option do when set to 'enable'?

FortiGate marks existing session routing information as persistent

What information is set to 0.0.0.0/0 and 0 in a session after a routing change without source NAT?

Interfaces

What does FortiGate do after a routing change when source NAT is not applied and the 'preserve-session-route' configuration option is set to 'disable'?

Flushes all routing information from the session table after a route change

Study Notes

Configuring Session Route Persistence

• The command to configure session route persistence at the interface level is not specified in the text.

Session Route Persistence

• When session route persistence is enabled, sessions passing through an interface are not affected by route changes.
• The default value for session route persistence at the interface level is not specified in the text.

S-NAT and Route Changes

• When S-NAT is applied, the default setting for the 'snat-route-change' option is not specified in the text.
• When 'snat-route-change' is disabled and a route changes, sessions with S-NAT are terminated.
• When 'snat-route-change' is disabled and the priority of an interface is increased, existing sessions with S-NAT are terminated.

Routing and Interfaces

• When both ISP connections are up, the primary route for internet traffic is not specified in the text.
• When the priority of 'port1' is increased and 'snat-route-change' is disabled, new sessions use the new primary route.
• When the priority of 'port1' is increased and 'snat-route-change' is disabled, existing sessions are terminated.

FortiGate Behavior

• The default route for FortiGate is not specified in the text.
• After a routing change when source NAT is not applied, FortiGate updates the gateways and interfaces in the session.
• After a routing change without source NAT, the gateways and interfaces in a session are updated.

Preserve-Session-Route Configuration

• The 'preserve-session-route' configuration option on the CLI controls whether FortiGate updates the gateways and interfaces in a session after a routing change.
• The default setting for the 'preserve-session-route' configuration option is not specified in the text.
• When the 'preserve-session-route' configuration option is set to 'disable', FortiGate updates the gateways and interfaces in a session after a routing change.
• When the 'preserve-session-route' configuration option is set to 'enable', FortiGate preserves the original gateways and interfaces in a session after a routing change.

Session Information

• In a session after a routing change without source NAT, the 'dirty' flag is set to indicate that the session needs to be updated.
• In a session after a routing change without source NAT, the information set to 0.0.0.0/0 and 0 indicates that the session needs to be updated.

Description

This quiz tests your understanding of routing changes without source NAT (S-NAT). Learn about what happens to routing information, route cache entries, and sessions that are not using S-NAT after a routing change. Improve your knowledge of FortiGate and its behavior in these scenarios.