Test Your Knowledge of IPsec Configuration for SD-WAN Overlays

Questions and Answers

Which interface is the tunnel bound to for the dial-up ISP1 overlays?

• port4
• port2
• port1 (correct)
• port3

What is the mode config address range for the dial-up ISP2 overlays?

• 10.201.1.0/24
• 10.204.1.0/24
• 10.202.1.0/24 (correct)
• 10.203.1.0/24

What is the type of the tunnel set to for the dial-up ISP1 overlays?

• dynamic (correct)
• static
• manual
• hybrid

Which version of IKE is often preferred for SD-WAN?

IKE-v2 (B)

What is the purpose of disabling the 'net-device' setting?

To improve performance on large deployments (C)

What is the recommended mode for dead peer detection on dial-up servers?

On-demand (A)

What is the purpose of enabling 'mode-cfg'?

To assign IP-addresses to overlays on spokes (B)

What is the binding interface for the dial-up ISP2 overlays?

port2 (C)

What is the purpose of disabling the 'add-route' setting?

To exchange routing information through the tunnels (B)

What is the recommended mode for hubs to scale better?

Passive (C)

Which protocol is used for exchanging prefixes in the SD-WAN overlay design?

BGP (D)

What is the purpose of the loopback interface in the SD-WAN overlay design?

To act as the target server for performance SLAs (A)

Why is it necessary to disable net-device in the phase1 configuration of IPsec tunnels in the SD-WAN overlay design?

To allow BGP peerings (A)

What is the benefit of using passive monitoring in the SD-WAN overlay design?

Reduced administrative overhead (C)

What is the advantage of using route tags instead of fixed firewall address objects in the SD-WAN overlay design?

Easier configuration changes (C)

Why is IBGP preferred over EBGP in the SD-WAN overlay design?

It preserves the next hop for prefixes (D)

What must be enabled to support Equal Cost Multipath (ECMP) for IBGP routes in the SD-WAN overlay design?

ibgp-multipath (D)

What is the purpose of the route-reflector-client setting in the SD-WAN overlay design?

To act as a route reflector (B)

Why is the update-source setting configured in the BGP configuration of the SD-WAN overlay design?

To ensure consistency in source IP addresses (A)

What does the BGP route reflector do in the SD-WAN overlay design?

Reflect learned routes from a spoke to other spokes (C)

Which overlay does the hub use to learn the 10.0.1.0/24 prefix?

T_INET_0 (C)

What are the next hop IP addresses for the hub to learn the 10.0.1.0/24 prefix?

10.201.1.1 and 10.202.1.1 (C)

What does spoke2 perform to determine the outgoing interface for the prefixes?

Recursive lookup (C)

Why are there two duplicate routes for the 10.0.1.0/24 prefix in the routing table of spoke2?

IBGP preserves the next hop (C)

What is the reason for the hub not reflecting the path through 10.202.1.1?

The hub is not configured to advertise additional paths (A)

What is the purpose of the neighbor-range entry in the IBGP configuration?

Defines the IP-address range for each neighbor group (A)

What does the config network entry in the IBGP configuration indicate?

The interior gateway protocol and prefix to inject into the BGP table (B)

Why is the network entry for 10.1.0.0/24 included in the IBGP configuration?

To advertise the connected route to the spokes (D)

What does IGP refer to in the context of the hub routing table?

Non-BGP routes such as OSPF, Rip, connected, and static (D)

Starting from which FortiOS versions are duplicate routes consolidated in the routing table output?

6.4.7 and 7.0.1 (D)

Flashcards are hidden until you start studying