NSE5_SSE_AD-7.6 · Question #12
NSE5_SSE_AD-7.6 Question #12: Real Exam Question with Answer & Explanation
The correct answer is B. Routing D. Interfaces E. Firewall policies. Routing: For a packet to even be considered by the SD-WAN engine, there must be a matching route in the Forwarding Information Base (FIB). Usually, this is a static route where the destination is the network you want to reach, and the gateway interface is set to the SD-WAN virtua
Question
Options
- ATraffic shaping
- BRouting
- CSecurity profiles
- DInterfaces
- EFirewall policies
Explanation
Routing: For a packet to even be considered by the SD-WAN engine, there must be a matching route in the Forwarding Information Base (FIB). Usually, this is a static route where the destination is the network you want to reach, and the gateway interface is set to the SD-WAN virtual interface (or a specific SD-WAN zone). If there is no route pointing to SD-WAN, the FortiGate will use other routing table entries (like a standard static route) and bypass the SD- WAN rule-based steering logic entirely. Interfaces: You must first define the physical or logical interfaces (such as ISP links, LTE, or VPN tunnels) as SD-WAN members. These members are then typically grouped into SD-WAN Zones. Without designated member interfaces, there is no "pool" of links for the SD-WAN rules to select Firewall Policies: In FortiOS, no traffic is allowed to pass through the device unless a Firewall Policy permits it. To steer traffic, you must have a policy where the Incoming Interface is the internal network and the Outgoing Interface is the SD-WAN zone (or the virtual-wan-link). The SD- WAN rule selection happens during the "Dirty" session state, which requires a policy match to proceed with the session creation.
Community Discussion
No community discussion yet for this question.