When T_INET_0_0 and T_MPLS_0 have the same latency.

When T_MPLS_0 has a latency of 100 ms.

When T_INET_0_0 has a latency of 250 ms.

When T_N1PLS_0 has a latency of 80 ms.

FortiGate flushes all sessions.

FortiGate terminates the old sessions.

FortiGate does not change existing sessions.

FortiGate evaluates new sessions.

Create dynamic mapping for the LAN interface for all devices in the installation target list.

Use a metadata variable instead of a dynamic interface to define the firewall policy.

Dynamic mapping should be done automatically. Review the LAN interface configuration for branch2_fgt.

Policies can refer to only one LAN source interface. Keep only the D-LAN, which is the dynamic LAN interface.

The sdwan_service_id flag in the session information is 0.

All SD-WAN rules have the default setting enabled.

Traffic does not match any of the entries in the policy route table.

Traffic is load balanced using the algorithm set for the v4-ecmp-mode setting.

LAG

IPsec

Physical

GRE

Traffic has matched none of the FortiGate policy routes.

Matched traffic failed RPF and was caught by the rule.

The FIB lookup resolved interface was the SD-WAN interface.

An absolute SD-WAN rule was defined and matched traffic.

All traffic from a source IP to a destination IP is sent to the same interface.

All traffic from a source IP is sent to the same interface.

All traffic from a source IP is sent to the most used interface.

All traffic from a source IP to a destination IP is sent to the least used interface.

Provide direct internet access on spokes

Provide internet access through the hub

Centralize security inspection on the hub

Provide thorough inspection on spokes

get router info routing-table all

diagnose debug application ike

diagnose vpn tunnel list

get ipsec tunnel list

Set priority 10.

Set cost 15.

Set load-balance-mode source-ip-ip-based.

Set source 100.64.1.1.

FortiGate applies traffic shaping to the original traffic direction only.

FortiGate shares 10 Mbps of bandwidth equally among all source IP addresses.

RIAS

Fortigate limits each source ip address to a maximum bandwidth of 10 Mbps.

FortiGate guarantees a minimum of 10 Mbps of bandwidth to each source IP address.

It does not allow you to monitor the status of SD-WAN members.

It is enabled or disabled on a per-ADOM basis.

It is enabled by default.

It uses templates to configure SD-WAN on managed devices.

London generates an IKE information message that contains the Toronto public IP address.

Traffic from Toronto to London triggers the dynamic negotiation of a direct site-to-site VPN.

Toronto needs to establish a site-to-site tunnel with Hub 2 to bypass Hub 1.

The first packets from Toronto to London are routed through Hub 1 then to Hub 2.

The traffic always skips the regular policy routes.

You steer traffic based on the detected application.

You do not need to enable SSL inspection.

You do not need to configure firewall policies that accept the SD-WAN traffic.

update-source

set-route-tag

holdtime-timer

link-down-failover

FortiGate did not refresh the routing information on the session after the application was detected.

Port1 and port2 do not have a valid route to the destination.

Full SSL inspection is not enabled on the matching firewall policy.

The session 3-tuple did not match any of the existing entries in the ISDB application cache.

The gateway address of their IPsec interfaces

The tunnel ID of their IPsec interfaces

The IP address of their IPsec interfaces

The name of their IPsec interfaces

port1 is assigned a manual IP address.

port1 is referenced in a firewall policy.

port2 is referenced in a static route.

port1 and port2 are not administratively down.

The traffic shaper drops packets if the bandwidth is less than 2500 KBps.

The measured bandwidth is less than 100 KBps.

The traffic shaper drops packets if the bandwidth exceeds 6250 KBps.

The traffic shaper limits the bandwidth of each source IP to a maximum of 6250 KBps.

You must set ike-version to 1.

You must enable net-device.

You must enable auto-discovery-sender.

You must disable idle-timeout.

Set additional-path to send

Enable route-reflector-client

Set advertisement-interval to the number of additional paths to advertise

Set adv-additional-path to the number of additional paths to advertise

Enable soft-reconfiguration

Encapsulating Security Payload (ESP)

Secure Shell (SSH)

Internet Key Exchange (IKE)

Security Association (SA)

You can use metadata variables only to define interface members and the gateway IP.

All SD-WAN template fields support metadata variables.

Any field Identified with a dollar sign ($) in a magnifying glass.

Any field identified with an "M" in a circle.

After FortiGate switches to active mode, FortiGate never fails back to passive monitoring.

During passive monitoring, FortiGate can’t detect dead members.

FortiGate can offload the traffic that is subject to passive monitoring to hardware.

FortiGate passively monitors the member if TCP traffic is passing through the member.

An SD-WAN zone can contain only one type of interface.

An SD-WAN zone can contain between 0 and 512 members.

You cannot use an SD-WAN zone in static route definitions.

You can configure up to 32 SD-WAN zones per VDOM.

diagnose sys sdwan sla-log

diagnose ays sdwan health-check

diagnose sys sdwan intf-sla-log

diagnose sys sdwan log