Q: 2
Refer to the exhibits.
An administrator is testing application steering in SD-WAN. Before generating test traffic, the
administrator collected the information shown in the first exhibit. After generating GoToMeeting test
traffic, the administrator examined the corresponding traffic log on FortiAnalyzer, which is shown in
the second exhibit.
The administrator noticed that the traffic matched the implicit SD-WAN rule, but they expected the
traffic to match rule ID 1.
Which two reasons explain why some log messages show that the traffic matched the implicit SD-
WAN rule? (Choose two.)
An administrator is testing application steering in SD-WAN. Before generating test traffic, the
administrator collected the information shown in the first exhibit. After generating GoToMeeting test
traffic, the administrator examined the corresponding traffic log on FortiAnalyzer, which is shown in
the second exhibit.
The administrator noticed that the traffic matched the implicit SD-WAN rule, but they expected the
traffic to match rule ID 1.
Which two reasons explain why some log messages show that the traffic matched the implicit SD-
WAN rule? (Choose two.)Options
Discussion
I don’t think it’s D. B is more likely since ISDB cache not matching can cause the session to hit the implicit rule. Some folks might get tripped up thinking D fits, but rule existence isn't the main issue here. Correct me if I'm off.
C or D. I'm thinking B and C make sense since initial session matching depends on the ISDB cache and whether FortiGate refreshes route info, but if there was no rule for GoToMeeting at all, D could fit too. Not totally sure here.
A is wrong, B/C. ISDB cache and routing refresh issues make more sense here given the flow. Disagree?
B/C? The traffic matched the implicit rule because GoToMeeting wasn't recognized at session start and couldn't update after detection. Not 100% but lines up with how SD-WAN does first packet classification.
I get why D looks tempting here, but similar SD-WAN exam questions usually go with B and C. Traffic can hit the implicit rule if the ISDB cache doesn't match or route info isn't updated. Anyone see it different?
A is wrong, B and C are the right picks. FortiGate SD-WAN uses the ISDB app cache for matching, so if GoToMeeting isn't cached or the session can't reroute after app detection, it'll hit the implicit rule instead. Pretty sure that's what's happening.
Had something like this in a mock, and it pointed to B and C being right.
B tbh
Probably B and C, that's what I've seen in official guides and labs for Fortinet SD-WAN exam practice. The ISDB app cache and session refresh logic are common trouble spots.
Its B and C. A is a common trap since SSL inspection doesn’t block ISDB matching, and D would mean no rule at all, but the scenario’s about cache and session refresh. Seen similar in recent practice tests.
Be respectful. No spam.
