Question 3 - Fortinet FCSS_SDW_AR-7.4 Real Exam Questions [Jan 2026 Update]

Q: 3

SD-WAN interacts with many other FortiGate features. Some of them are required to allow SD-WAN to steer the traffic. Which three configuration elements that you must configure before FortiGate can steer traffic according to SD-WAN rules? (Choose three.)

Options

Correct Answer:

A, B, E

Explanation

For FortiGate to steer traffic using SD-WAN, a specific sequence of configurations is required. First, the underlying network interfaces that will participate in the SD-WAN (such as physical WAN links or VPN tunnels) must be configured and then added as members to the SD-WAN zone. Second, routing must be configured, typically a static route, to direct traffic towards the SD-WAN virtual interface. This step is crucial for the FortiGate to consider the SD-WAN engine for path selection. Finally, firewall policies must be created to permit the traffic, using the SD-WAN virtual interface as the outgoing interface. These three elements—interfaces, routing, and firewall policies—are the fundamental prerequisites for SD-WAN traffic steering.

Why Incorrect

C. Security profiles: These are applied to firewall policies for traffic inspection (like antivirus or IPS). They are not required for the SD-WAN path selection and steering mechanism itself to function.

D. Traffic shaping: This feature manages bandwidth and prioritizes traffic. While it can be used with SD-WAN, it is a separate function and not a mandatory prerequisite for basic traffic steering.

References

1. FortiOS SD-WAN Administration Guide 7.4.1

"Basic setup" section

page 23: This section outlines the essential steps for a basic SD-WAN deployment

which explicitly include: 1. Create SD-WAN members (which are based on configured Interfaces)

4. Create a static route

and 5. Create firewall policies. This demonstrates that these three are core requirements.

2. FortiOS SD-WAN Administration Guide 7.4.1

"Packet flow for SD-WAN" section

page 19: The packet flow diagram and description show that after a packet arrives

the FortiGate performs a routing lookup. If the route points to the SD-WAN interface

a firewall policy check is performed. Only then are the SD-WAN rules evaluated to steer traffic over a member interface. This confirms the dependency on these three elements.

3. FortiOS Administration Guide 7.4.1

"Policies" chapter

page 619: This chapter details the necessity of firewall policies to allow any traffic to pass through the FortiGate. It states

"A firewall policy is a set of instructions that the FortiGate unit uses to control traffic." This applies to SD-WAN traffic as well

which must be explicitly permitted.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE