Test Your Knowledge of IPsec Configuration for SD-WAN Overlays

Questions and Answers

Which interface is the tunnel bound to for the dial-up ISP1 overlays?

port4

port2

port1 (correct)

port3

What is the mode config address range for the dial-up ISP2 overlays?

10.201.1.0/24

10.204.1.0/24

10.202.1.0/24 (correct)

10.203.1.0/24

What is the type of the tunnel set to for the dial-up ISP1 overlays?

dynamic (correct)

static

manual

hybrid

Which version of IKE is often preferred for SD-WAN?

IKE-v2

What is the purpose of disabling the 'net-device' setting?

To improve performance on large deployments

What is the recommended mode for dead peer detection on dial-up servers?

On-demand

What is the purpose of enabling 'mode-cfg'?

To assign IP-addresses to overlays on spokes

What is the binding interface for the dial-up ISP2 overlays?

port2

What is the purpose of disabling the 'add-route' setting?

To exchange routing information through the tunnels

What is the recommended mode for hubs to scale better?

Passive

Which protocol is used for exchanging prefixes in the SD-WAN overlay design?

BGP

What is the purpose of the loopback interface in the SD-WAN overlay design?

To act as the target server for performance SLAs

Why is it necessary to disable net-device in the phase1 configuration of IPsec tunnels in the SD-WAN overlay design?

To allow BGP peerings

What is the benefit of using passive monitoring in the SD-WAN overlay design?

Reduced administrative overhead

What is the advantage of using route tags instead of fixed firewall address objects in the SD-WAN overlay design?

Easier configuration changes

Why is IBGP preferred over EBGP in the SD-WAN overlay design?

It preserves the next hop for prefixes

What must be enabled to support Equal Cost Multipath (ECMP) for IBGP routes in the SD-WAN overlay design?

ibgp-multipath

What is the purpose of the route-reflector-client setting in the SD-WAN overlay design?

To act as a route reflector

Why is the update-source setting configured in the BGP configuration of the SD-WAN overlay design?

To ensure consistency in source IP addresses

What does the BGP route reflector do in the SD-WAN overlay design?

Reflect learned routes from a spoke to other spokes

Which overlay does the hub use to learn the 10.0.1.0/24 prefix?

T_INET_0

What are the next hop IP addresses for the hub to learn the 10.0.1.0/24 prefix?

10.201.1.1 and 10.202.1.1

What does spoke2 perform to determine the outgoing interface for the prefixes?

Recursive lookup

Why are there two duplicate routes for the 10.0.1.0/24 prefix in the routing table of spoke2?

IBGP preserves the next hop

What is the reason for the hub not reflecting the path through 10.202.1.1?

The hub is not configured to advertise additional paths

What is the purpose of the neighbor-range entry in the IBGP configuration?

Defines the IP-address range for each neighbor group

What does the config network entry in the IBGP configuration indicate?

The interior gateway protocol and prefix to inject into the BGP table

Why is the network entry for 10.1.0.0/24 included in the IBGP configuration?

To advertise the connected route to the spokes

What does IGP refer to in the context of the hub routing table?

Non-BGP routes such as OSPF, Rip, connected, and static

Starting from which FortiOS versions are duplicate routes consolidated in the routing table output?

6.4.7 and 7.0.1