Fortinet Exam NSE7_EFW-7.2 Topic 2 Question 5 Discussion

Actual exam question for Fortinet's NSE7_EFW-7.2 exam

Question #: 5
Topic #: 2

An administrator has configured two fortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device What can the administrator do to fix this problem?

AVerity Mai the speed and duplex settings match between me FortiGate interfaces and the connected switch ports

BConfigure set link -failed signal enable under-config system ha on both Cluster members

CConfigure remote Iink monitoring to detect an issue in the forwarding path

DConfigure set send-garp-on-failover enables under config system ha on both cluster members

Show Suggested Answer

Suggested Answer: B

Virtual MAC Address and Failover

- The new primary broadcasts Gratuitous ARP packets to notify the network that each virtual MAC is now reachable through a different switch port.

- Some high-end switches might not clear their MAC table correctly after a failover - Solution: Force former primary to shut down all its interfaces for one second when the failover happens (excluding heartbeat and reserved management interfaces):

#Config system ha

set link-failed-signal enable

end

- This simulates a link failure that clears the related entries from MAC table of the switches.

by Quentin at Jan 27, 2024, 12:10 AM

Limited Time Offer

25%

Off

Get Premium NSE7_EFW-7.2 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

7 months ago

Hmm, this question seems pretty tricky. We need to make sure the switches stop sending traffic to the former primary device after an HA failover.

upvoted 0 times

...