Routing Concepts and Troubleshooting Quiz

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to Lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

Which mode is the default mode for RPF check?

  • Loose
  • Feasible path (correct)
  • Active
  • Strict

In feasible path mode, the packet is accepted as long as there is one active route to the source IP through the incoming interface.

  • Depends on the source IP
  • Depends on the incoming interface
  • True (correct)
  • False

Does the packet from 10.4.0.1 to 10.1.0.1 get accepted?

  • Depends on the interface
  • No
  • Depends on the route
  • Yes (correct)

Does the packet from 172.16.1.1 to 10.1.0.1 get accepted?

<p>No (B)</p> Signup and view all the answers

What was feasible path mode formerly known as?

<p>Loose (B)</p> Signup and view all the answers

Does the packet need to take the best route in feasible path mode?

<p>No (C)</p> Signup and view all the answers

Is there an active route to the IP-address 172.16.1.1 through port3?

<p>No (A)</p> Signup and view all the answers

What is the destination IP of the packet that is accepted?

<p>10.1.0.1 (A)</p> Signup and view all the answers

What is the destination IP of the packet that is not accepted?

<p>172.16.1.1 (D)</p> Signup and view all the answers

What is the default route used for?

<p>Accepting packets (A)</p> Signup and view all the answers

Which table does FortiGate go to if the action in a policy route is Stop Policy Routing?

<p>Route Cache (D)</p> Signup and view all the answers

What is the purpose of the Forwarding Information Base (FIB)?

<p>Packet Forwarding (D)</p> Signup and view all the answers

In a FortiGate high availability (H-A) cluster, which table exists only on the secondary FortiGate?

<p>Forwarding Information Base (A)</p> Signup and view all the answers

What happens if there is no match in any of the routing tables?

<p>Packet is dropped (C)</p> Signup and view all the answers

What is the first criteria used by FortiGate to select a route when there are multiple routes to a destination?

<p>Longest netmask (D)</p> Signup and view all the answers

When does FortiGate use the lowest metric as the tiebreaker for dynamic routes?

<p>When there are multiple routes with the same distance (C)</p> Signup and view all the answers

Which type of routes does FortiGate use the lowest priority as the tiebreaker?

<p>Static routes (C)</p> Signup and view all the answers

What is equal cost multipath (ECMP) used for?

<p>Traffic sharing (C)</p> Signup and view all the answers

Under what conditions does FortiGate add a static route to the routing table?

<p>All of the above (D)</p> Signup and view all the answers

What does the reverse path forwarding (RPF) check protect against?

<p>IP spoofing attacks (B)</p> Signup and view all the answers

FortiGate performs routing table lookup how many times for any session?

<p>Twice (D)</p> Signup and view all the answers

What happens to the route information in the session table after a routing change?

<p>It is flushed from affected sessions and route cache (D)</p> Signup and view all the answers

How many routing lookups does FortiGate usually perform for a traffic session?

<p>Two (D)</p> Signup and view all the answers

When would FortiGate perform additional routing table lookups?

<p>After a routing change (B)</p> Signup and view all the answers

How does FortiGate decide routes?

<p>Based on the routing modules (D)</p> Signup and view all the answers

Which command can be used to view FortiGate's policy routes?

<p>diagnose firewall proute list (D)</p> Signup and view all the answers

How many routing modules does FortiGate have?

<p>One (A)</p> Signup and view all the answers

What does FortiGate do with the routing information after performing routing lookups for a session?

<p>It stores the routing information in the session table (C)</p> Signup and view all the answers

What happens to the route information in the session table after a routing change?

<p>It is flushed from affected sessions and route cache (B)</p> Signup and view all the answers

Is FortiGate a stateful or stateless device?

<p>Stateful (D)</p> Signup and view all the answers

Flashcards are hidden until you start studying

Study Notes

RPF Check

  • The default mode for RPF check is feasible path mode.

Feasible Path Mode

  • In feasible path mode, a packet is accepted as long as there is one active route to the source IP through the incoming interface.
  • Feasible path mode was formerly known as "asymmetric routing".
  • The packet does not need to take the best route in feasible path mode.

Packet Acceptance

  • The packet from 10.4.0.1 to 10.1.0.1 gets accepted.
  • The packet from 172.16.1.1 to 10.1.0.1 gets accepted.

Route Information

  • There is no active route to the IP address 172.16.1.1 through port3.
  • The destination IP of the packet that is accepted is 10.1.0.1.
  • The destination IP of the packet that is not accepted is not specified.

Routing

  • The default route is used for routing packets when there is no specific route.
  • When the action in a policy route is Stop Policy Routing, FortiGate goes to the Kernel routing table.
  • The purpose of the Forwarding Information Base (FIB) is to facilitate routing decisions.
  • In a FortiGate high availability (H-A) cluster, the secondary FortiGate has a dedicated routing table.
  • If there is no match in any of the routing tables, FortiGate uses the default route.
  • The first criteria used by FortiGate to select a route when there are multiple routes to a destination is the longest prefix match.
  • FortiGate uses the lowest metric as the tiebreaker for dynamic routes when there are multiple routes with the same prefix length.
  • FortiGate uses the lowest priority as the tiebreaker for static routes.
  • Equal cost multipath (ECMP) is used for load balancing and redundancy.

Route Addition

  • FortiGate adds a static route to the routing table when the route is configured manually.

RPF Protection

  • The reverse path forwarding (RPF) check protects against spoofing attacks.

Routing Table Lookup

  • FortiGate performs routing table lookup only once for any session.
  • The route information in the session table is updated after a routing change.
  • FortiGate usually performs one routing lookup for a traffic session.
  • FortiGate performs additional routing table lookups when the routing table changes or the session is re-established.

Route Decision

  • FortiGate decides routes based on the routing table and policy routes.

Policy Routes

  • The command to view FortiGate's policy routes is "diag debug appl cs-route".

Routing Modules

  • FortiGate has two routing modules: the kernel routing table and the FIB.

Routing Information

  • After performing routing lookups for a session, FortiGate stores the routing information in the session table.
  • The route information in the session table is updated after a routing change.
  • FortiGate is a stateful device.

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Quiz Team

More Like This

Module 14: Routing Concepts
28 questions
Use Quizgecko on...
Browser
Browser