NSE4 Question #21: Real Exam Question with Answer & Explanation

Question

In the case of TCP traffic, which of the following correctly describes the routing table lookups performed by a FortiGate operating in NAT/Route mode, when searching for a suitable gateway?

Options

• AA lookup is done only when the first packet coming from the client (SYN) arrives.
• BA lookup is done when the first packet coming from the client (SYN) arrives, and a second one is
• CThree lookups are done during the TCP 3-way handshake (SYN, SYN/ACK, ACK).
• DA lookup is always done each time a packet arrives, from either the server or the client side.

Explanation

For TCP traffic, a FortiGate in NAT/Route mode performs two routing table lookups: one for the initial SYN packet from the client and another for the first SYN/ACK packet from the server.

Common mistakes.

• A. This is incomplete; a second lookup is performed for the SYN/ACK to potentially adjust the routing decision for the session.
• C. While the TCP 3-way handshake involves three packets, only two distinct routing lookups are typically performed for establishing the session, for the SYN and SYN/ACK packets.
• D. Routing lookups are generally performed per new session establishment; subsequent packets within that session follow the established session entry without repeated lookups, which would be inefficient.

Concept tested. FortiGate TCP session establishment routing lookups

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/admin-guides/508492/how-traffic-is-processed-by-fortigate

No community discussion yet for this question.