Object synchronization can be configured with the following commands:
config system csf
set fabric-object-unification [default | local]
set configuration-sync [default | local]
...
next
end
https://docs.fortinet.com/document/fortigate/6.4.0/new-features/893434/synchronizing-objects-across-the-security-fabric
A is incorrect because fabric-object-unification is not a setting applicable to downstream FortiGates.
B is incorrect because configuration-sync being enabled on the root FortiGate should facilitate, not prevent, synchronization.
C is correct because if the address object on the root FortiGate has fabric-object set to disable, it will not be synchronized.
D is correct because if the downstream FortiGate has configuration-sync set to local, it will not accept the synchronized configuration from the root FortiGate.
we discuss about an address object and a downstream without specify how many downstream there are .... , and for this reason "C" is correct.
A -- OK
C -- OK
A & C are correct.
B and D are wrong, as "configuration-sync" is "Synchronize configuration for IPAM, FortiAnalyzer, FortiSandbox, and Central Management with root node.", not object synchronisation.
https://docs.fortinet.com/document/fortigate/7.4.4/cli-reference/
We agree on A being correct. I think the reason C is not correct is that they aren't saying ALL downstream FortiGates aren't synchronizing. They are referencing a single downstream device.
Sorry,
The CORRECT is AC:
If set fabric-object (Fabric synchronization option in the GUI) is disabled for firewall addresses and address groups on the root FortiGate, they will not be synchronized to downstream FortiGates
https://docs.fortinet.com/document/fortigate/6.4.0/new-features/520820/improvements-to-synchronizing-objects-across-the-security-fabric-6-4-4
AD is the Correct.
*fabric-object-unification*
default: Global CMDB objects will be synchronized in Security Fabric.
local: Global CMDB objects will not be synchronized to and from this device.
*configuration-sync*
default: Synchronize configuration for FortiAnalyzer, FortiSandbox, and Central Management to root node.
local: Do not synchronize configuration with root node.
https://docs.fortinet.com/document/fortigate/6.4.0/new-features/893434/synchronizing-objects-across-the-security-fabric
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
infinitum
1 month agocharruco
6 months, 4 weeks agomillerry
7 months agoevdw
7 months, 1 week agomorsas23
7 months, 1 week agoGCISystemIntegrator
7 months, 1 week agoevdw
7 months, 1 week agoDisposable_Me_2018
7 months, 2 weeks agodsticht
7 months, 2 weeks agodsticht
7 months, 2 weeks agodsticht
7 months, 2 weeks agoK4KarOt0
7 months, 2 weeks agoK4KarOt0
7 months, 2 weeks ago