Statement C is correct because the exhibit for SD-WAN rule 4 shows a specific match for the traffic in question (Source: 10.0.1.0/26, Destination Application: Facebook). The rule's mode is sla, and both members meet the SLA criteria. port2 has the higher priority (0) compared to port1 (1), so FortiGate selects port2 to steer the traffic. The reference to "service rule 2" is considered a typo for "service rule 4".

Statement D is correct as it describes the default behavior of the implicit SD-WAN rule. This rule, which is always present, catches any traffic not matched by other explicit rules and load-balances it across all available SD-WAN members. This is a fundamental concept of FortiGate SD-WAN operation.

A: The traffic for Facebook is recognized and matched by rule 4. It would not be handled as an unrecognized application by a different rule (rule 3).

B: This is factually incorrect. The exhibit for rule 4 explicitly lists dst(1): Facebook, confirming a service for the application is defined in the rule.

1. Fortinet FortiOS 7.4.0 Administration Guide:

Section: SD-WAN > SD-WAN rules: "FortiGate evaluates SD-WAN rules in the order that they appear in the list... For SLA strategy

FortiGate directs traffic to the first link in the list that meets the SLA." This supports the selection of port2 based on its higher priority (0) as shown in the exhibit.

Section: SD-WAN > SD-WAN rules: "An implicit rule is created by default... The implicit rule is the last rule in the list... The implicit rule load balances traffic that is not matched by any other rule in the list across all SD-WAN members." This confirms the behavior described in option D.

Section: SD-WAN > SD-WAN rules > Application steering: "When a new session starts

the application has not yet been identified... FortiGate steers the traffic to the first available member that is configured in the rule." This refutes option A

as the initial traffic would still be handled by rule 4's first member (port2)

not by another rule.