Q: 9
Refer to the exhibit.
The administrator analyzed the traffic between a branch FortiGate and the server located in the data center, and noticed the behavior shown in the diagram.
When the LAN clients located behind FGT1 establish a session to a server behind DC-1, the administrator observes that, on DC-1, the reply traffic is routed over T2, even though T1 is the preferred member in the matching SD-WAN rule.
What can the administrator do to instruct DC-1 to route the reply traffic through the member with the best performance?
Options
Discussion
Option C is right. With auxiliary-session enabled, FortiGate re-evaluates the best SD-WAN member for reply sessions, so DC-1 can choose T1 if it's the top performer. I think that's key for dynamic path selection. Let me know if you read it differently.
Yeah, option C. Enabling auxiliary-session is the fix for this.
C, not B. B is a common trap but only C (auxiliary-session) makes the reverse flow pick best SD-WAN member. Seen similar on practice tests.
Looks like it's C here. Enabling auxiliary-session lets FortiGate do a new SD-WAN lookup for reverse traffic so replies can follow the best performing link, not just stick to the original one. Pretty sure that's what Fortinet recommends for this scenario.