Fortinet Exam NSE7_PBC-7.2 Topic 2 Question 23 Discussion

Actual exam question for Fortinet's NSE7_PBC-7.2 exam
Question #: 23
Topic #: 2

In an SD-WAN TGW Connect topology, which three initial steps are mandatory when routing traffic from a spoke VPC to a security VPC through a Transit Gateway? (Choose three.)

Suggested Answer: A, B, D

Spoke VPC Routing: The 0.0.0.0/0 (default) route in the spoke VPC must point to the Transit Gateway attachment for traffic to reach other VPCs or external destinations.

Security VPC Routing: Traffic from the security VPC needs to pass through the FortiGate for inspection and security controls. Therefore, the 0.0.0.0/0 route in the security VPC's TGW subnet routing table must point to the FortiGate's internal port.

FortiGate Routing: The FortiGate's internal subnet must have its 0.0.0.0/0 route configured to point to the Transit Gateway attachment, allowing traffic to be returned to other VPCs or reach the internet.

In an SD-WAN TGW Connect topology, when routing traffic from a spoke VPC to a security VPC through a Transit Gateway, the mandatory initial steps include:

From the spoke VPC internal routing table, point 0.0.0.0/0 traffic to the TGW (Option A): This step is crucial for ensuring that all traffic from the spoke VPC destined for external networks is directed through the Transit Gateway, allowing for centralized management and security inspection.

From the security VPC TGW subnet routing table: point 0.0.0.0/0 traffic to the FortiGate internal port (Option B): Routing all traffic from the TGW subnet in the security VPC to the FortiGate's internal port ensures that traffic is subjected to the necessary security policies and inspections provided by the FortiGate appliance before it proceeds to other destinations or returns to the spoke VPCs.

From the security VPC FortiGate internal subnet routing table, point 0.0.0.0/0 traffic to the TGW (Option D): This configuration ensures that traffic returning from the security processes handled by the FortiGate is routed back through the Transit Gateway, maintaining the integrity of the secure transit path and ensuring proper routing back to the originating spoke or onward to the internet.
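The three default routes in the suggested answer can be checked mechanically against exported route tables. The following is an added example, not code from the original page or from Fortinet or AWS; the role names and resource IDs are constructed, and it assumes the FortiGate internal port appears as an `eni-` route target.

```python
# Added example: constructed route tables, not output from a real AWS account.
DEFAULT = "0.0.0.0/0"

# Expected default-route target per route-table role, taken from the
# suggested answer above (options A, B and D). Role names are hypothetical.
EXPECTED = {
    "spoke_internal": "tgw",            # Option A
    "security_tgw_subnet": "fgt_port",  # Option B
    "security_fgt_internal": "tgw",     # Option D
}

def target_kind(target):
    """Classify a route target by its resource ID prefix.
    Assumption: the FortiGate internal port is referenced as an ENI."""
    for prefix, kind in (("tgw-", "tgw"), ("eni-", "fgt_port"), ("igw-", "igw")):
        if target.startswith(prefix):
            return kind
    return "other"

def audit(tables):
    """Return (role, problem) findings; an empty list means A, B and D hold."""
    findings = []
    for role, want in EXPECTED.items():
        routes = tables.get(role)
        if routes is None:
            findings.append((role, "route table missing"))
            continue
        target = routes.get(DEFAULT)
        if target is None:
            findings.append((role, "no default route"))
        elif target_kind(target) != want:
            got = target_kind(target)
            findings.append((role, f"default route goes to {got}, expected {want}"))
    return findings

# Constructed sample: routes that match options A, B and D.
GOOD = {
    "spoke_internal": {DEFAULT: "tgw-0example"},
    "security_tgw_subnet": {DEFAULT: "eni-0fgtinternal"},
    "security_fgt_internal": {DEFAULT: "tgw-0example"},
}

# Constructed sample: the TGW subnet sends traffic straight back to the TGW
# (option C) and the spoke exits via an Internet Gateway (option E), so
# neither flow reaches the FortiGate for inspection.
BAD = {
    "spoke_internal": {DEFAULT: "igw-0example"},
    "security_tgw_subnet": {DEFAULT: "tgw-0example"},
    "security_fgt_internal": {DEFAULT: "tgw-0example"},
}

if __name__ == "__main__":
    print(audit(GOOD), audit(BAD), sep="\n")
```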


Contribute your Thoughts:

Son
2 months ago
I see your point, but I think step D is necessary for routing to the TGW.
upvoted 0 times
...
Nu
2 months ago
I'm not sure about step D, I think it should be E instead.
upvoted 0 times
...
Lezlie
2 months ago
I agree with Son, those steps make sense for routing traffic.
upvoted 0 times
...
Tresa
2 months ago
I'm just hoping the exam doesn't ask me to draw a diagram of this topology. My stick figures aren't that great.
upvoted 0 times
Bobbye
2 months ago
E) From both spoke VPCs and the security VPC, point 0.0.0.0/0 traffic to the Internet Gateway
upvoted 0 times
...
Lemuel
2 months ago
C) From the security VPC TGW subnet routing table: point 0.0.0.0/0 traffic to the TGW
upvoted 0 times
...
Andree
2 months ago
A) From the spoke VPC internal routing table, point 0.0.0.0/0 traffic to the TGW
upvoted 0 times
...
...
Denna
3 months ago
Wait, why would we route 0.0.0.0/0 to the Internet Gateway? That doesn't sound right. A, C, and D for the win!
upvoted 0 times
...
Son
3 months ago
I think the initial steps are A, C, and D.
upvoted 0 times
...
Lachelle
3 months ago
This is a tricky one, but I'm pretty sure the answer is A, C, and D. Gotta love those SD-WAN questions!
upvoted 0 times
Eden
2 months ago
It's important to have all those routing steps set up correctly for the traffic flow.
upvoted 0 times
...
Lavelle
2 months ago
Don't forget to point 0.0.0.0/0 traffic to the TGW from the security VPC as well.
upvoted 0 times
...
Leigha
2 months ago
Yeah, those steps are definitely mandatory in that topology.
upvoted 0 times
...
Tanesha
2 months ago
I think the answer is A, C, and D.
upvoted 0 times
...
...
Danica
3 months ago
I think B is also a valid step, since you need to route traffic from the security VPC to the FortiGate.
upvoted 0 times
Albert
2 months ago
E) From both spoke VPCs and the security VPC, point 0.0.0.0/0 traffic to the Internet Gateway
upvoted 0 times
...
Novella
3 months ago
C) From the security VPC TGW subnet routing table: point 0.0.0.0/0 traffic to the TGW
upvoted 0 times
...
Lura
3 months ago
A) From the spoke VPC internal routing table, point 0.0.0.0/0 traffic to the TGW
upvoted 0 times
...
...
Annice
3 months ago
A, C, and D are the correct steps. Routing traffic through the TGW is the key here.
upvoted 0 times
Ernestine
2 months ago
D) From the security VPC FortiGate internal subnet routing table, point 0.0.0.0/0 traffic to the TGW
upvoted 0 times
...
Anissa
3 months ago
C) From the security VPC TGW subnet routing table: point 0.0.0.0/0 traffic to the TGW
upvoted 0 times
...
Geoffrey
3 months ago
A) From the spoke VPC internal routing table, point 0.0.0.0/0 traffic to the TGW
upvoted 0 times
...
...
