During a failover in an active-passive (A-P) Fortinet cluster deployed across two different availability zones (AZs), the following two actions occur:
The cluster elastic IP address (EIP) is moved from Port1 of FGT-1 to Port1 of FGT-2: This ensures that the active unit's public-facing IP (EIP) moves from the failed primary firewall (FGT-1) to the backup firewall (FGT-2) in the other availability zone to continue handling traffic.
The default static route in the Private-AZ1 subnet route table is modified to forward all traffic to Port2 of FGT-2: When a failover happens, traffic from the private subnet needs to be routed to the newly active FortiGate instance (FGT-2), ensuring service continuity.
These actions ensure that traffic continues to be processed correctly even after the failover, minimizing downtime.
A. The cluster elastic IP address (EIP) is moved from Port1 of FGT-1 to Port1 of FGT-2.
During failover, the EIP associated with the active FortiGate instance (FGT-1) is moved to the standby FortiGate instance (FGT-2) to ensure continuous traffic flow.
C. The default static route in the Private-AZ1 subnet route table is modified to forward all traffic to Port2 of FGT2.
In a failover, the route table is updated to forward traffic to the newly active instance (FGT-2) in the second availability zone.
These actions ensure the network continues to function seamlessly after the failover event.
A&C are correct - Study Guide 7.4 Page 133
Attention! Watch the details! This question is for a failover between TWO AZs:
Failover for this scenario is simpler than for a failover for a cluster within the same AZ. This is because this architecture does not use secondary IP addressing. There is only one elastic IP configured for production traffic. During the failover, the elastic IP, which is assigned to port1 of FGT-1, moves to FGT-2. Additionally, just like with the single AZ scenario, the private routing table for AZ1 is updated to forward all traffic through port2 of FGT-2.
myrmidon3, 2 months ago
yerno1, 2 months, 2 weeks ago
Spawni81, 4 months, 1 week ago
[Removed], 4 months, 2 weeks ago
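A post-failover check for the two actions discussed in the comments above, written as an added example that is not part of the original thread or of Fortinet's tooling. It inspects data shaped like the output of `aws ec2 describe-addresses` and `aws ec2 describe-route-tables`; every ID, the `10.0.0.0/16` CIDR and the helper names are constructed placeholders.

```python
# Constructed sample data shaped like `aws ec2 describe-addresses` and
# `aws ec2 describe-route-tables` output; every ID below is a placeholder.
FGT2_PORT1, FGT2_PORT2 = "eni-fgt2port1", "eni-fgt2port2"
EIP_ALLOC, PRIVATE_AZ1_RTB = "eipalloc-cluster", "rtb-privateaz1"

def sample_state(port1_eni, port2_eni, route_state="active"):
    """Build a constructed (addresses, route_tables) pair for the checks below."""
    addresses = {"Addresses": [
        {"AllocationId": EIP_ALLOC, "NetworkInterfaceId": port1_eni}]}
    route_tables = {"RouteTables": [{"RouteTableId": PRIVATE_AZ1_RTB, "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": port2_eni,
         "State": route_state},
    ]}]}
    return addresses, route_tables

def check_failover(addresses, route_tables,
                   active_port1=FGT2_PORT1, active_port2=FGT2_PORT2):
    """Return findings; an empty list means both failover actions completed."""
    findings = []
    # Action 1: the cluster EIP must sit on port1 of the now-active unit (FGT-2).
    eip = next((a for a in addresses["Addresses"]
                if a.get("AllocationId") == EIP_ALLOC), None)
    if eip is None:
        findings.append("cluster EIP not found")
    elif eip.get("NetworkInterfaceId") != active_port1:
        findings.append(f"EIP still on {eip.get('NetworkInterfaceId')}")
    # Action 2: the Private-AZ1 default route must target port2 of the active unit.
    rtb = next((t for t in route_tables["RouteTables"]
                if t.get("RouteTableId") == PRIVATE_AZ1_RTB), None)
    default = next((r for r in (rtb or {}).get("Routes", [])
                    if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)
    if default is None:
        findings.append("no default route in Private-AZ1 table")
    elif default.get("NetworkInterfaceId") != active_port2:
        findings.append(f"default route still targets {default.get('NetworkInterfaceId')}")
    elif default.get("State") != "active":
        findings.append(f"default route state is {default.get('State')}")
    return findings

if __name__ == "__main__":
    print(check_failover(*sample_state(FGT2_PORT1, FGT2_PORT2)))
    print(check_failover(*sample_state("eni-fgt1port1", "eni-fgt1port2")))
```

A partial result, where the EIP has moved but the route has not, leaves private-subnet egress pointed at the failed unit, so the two checks are reported separately.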