Exam NSE7_EFW-6.2 topic 1 question 49 discussion

C - Correct - NSE7_EFW-6.2 Manual page 152

For me is D because snat route change is enable in this case the any session is delete.

C page 151

Notice the command snat-route-change enable is set which flushes routing information from existing SNAT sessions so the the existing snat sessions can use any new best route. Page 148 EFW Study Guide. Correct Answer is C.

Answer is B. This existing session will keep using port1 since STATE=LOG MAY DIRTY. If the STATE=DIRTY then offcourse recalculation will be pushed and then any new session will be forced to port2. I think B is correct.

Enterprise_Firewall_6.4_Study_Guide page#150,151

C it´s correct

A. The session would remain in the session table, and its traffic would still egress from port 1. If the administrator increases the priority for port1 to a value higher than port2, and if snat-route-change is disabled, all new sessions start using port2, because it has the lowest priority. However, all the existing sessions continue to use port1. The default route is through port1. Even though the default route is no longer the best route, it is still active and FortiGate is doing SNAT. The existing sessions will continue to use the old route until they expire. If FortiGate wasn’t doing SNAT, all the existing sessions would switch to port2 after the change

for me, the answer is B, because the priority in port 1 is 5, the priority in port 2 is 10, Pag 134 also Pag 151 and 152 of NSE7_EFW-6.2 Manual study guide with Snat-route-change enable

it's the same question 5 Correct - B the session remain in the session table and traffic would still egress from port 1 until the session expire.