Q: 9
Refer to the exhibit.
The administrator analyzed the traffic between a branch FortiGate and the server located in the data center, and noticed the behavior shown in the diagram.
When the LAN clients located behind FGT1 establish a session to a server behind DC-1, the administrator observes that, on DC-1, the reply traffic is routed over T2, even though T1 is the preferred member in the matching SD-WAN rule.
What can the administrator do to instruct DC-1 to route the reply traffic through the member with the best performance?
Options
Discussion
Anyone else used the official guide or lab doc for this scenario? Pretty sure it also says auxiliary-session (option C) is needed for FortiGate to select the best SD-WAN member on reply traffic.
Option C is right. With auxiliary-session enabled, FortiGate re-evaluates the best SD-WAN member for reply sessions, so DC-1 can choose T1 if it's the top performer. I think that's key for dynamic path selection. Let me know if you read it differently.
C. Saw a similar scenario on another practice, enabling auxiliary-session made the device evaluate SD-WAN members again for replies.
Yeah, option C. Enabling auxiliary-session is the fix for this.
C. Only auxiliary-session lets the FortiGate pick best SD-WAN member on replies. Fortinet docs mention this as the correct tweak.
C, not B. B is a common trap but only C (auxiliary-session) makes the reverse flow pick best SD-WAN member. Seen similar on practice tests.
Probably C, enabling auxiliary-session lets FortiGate re-evaluate which SD-WAN link to use for replies. Pretty sure that's what you need for dynamic best performance, but someone correct me if that's off.
Anyone found the Fortinet docs or lab that shows auxiliary-session affecting reverse path in SD-WAN like this? I’ve read about it in the official admin guide but would be good to confirm with real lab or recent practice exams.
Think option B could work since enabling reply-session in SD-WAN config should make the FortiGate handle reply traffic differently. I remember something about it helping with path selection, but not totally sure. Agree?
C or D? These SD-WAN config questions drive me nuts, but pretty sure it's C here.