ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE7_EFW-7.0 All Questions

View all questions & answers for the NSE7_EFW-7.0 exam
Go to Exam

Exam NSE7_EFW-7.0 topic 1 question 4 discussion

Actual exam question from Fortinet's NSE7_EFW-7.0
Question #: 4
Topic #: 1
[All NSE7_EFW-7.0 Questions]

Refer to the exhibits, which show the configuration on FortiGate and partial session information for internet traffic from a user on the internal network.

If the priority on route ID 2 were changed from 10 to 0, what would happen to traffic matching that user session?

  • A. The session would remain in the session table, but its traffic would now egress from both port1 and port2.
  • B. The session would remain in the session table, and its traffic would egress from port2.
  • C. The session would be deleted, and the client would need to start a new session.
  • D. The session would remain in the session table, and its traffic would egress from port1.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Canferno at Jan. 4, 2023, 12:48 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
pcbbj
Highly Voted 1 year, 6 months ago
Selected Answer: D
With snat-route-change disable, sessions using SNAT keep using the same outbound interface, as long as the old route is still active.
upvoted 13 times
...
kocalin
Highly Voted 1 year, 6 months ago
Selected Answer: D
D is correct - Study Guide, page 146
upvoted 6 times
...
cbu_ch
Most Recent 5 months, 1 week ago
Selected Answer: D
Same here, D.
upvoted 1 times
...
mikerss
7 months ago
Selected Answer: D
D is correct. SNAT https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-SNAT-route-change-to-update-existing-NAT/ta-p/198439 config system global set snat-route-change enable end The option 'snat-route-change' can control what action the existing SNAT session needs to take after route change. By default, it is disabled. So after a routing change, sessions with SNAT keep using the same outbound interface, as long as the old route is still active. When 'snat-route-change' is enabled, after a routing change, routing information is flushed from existing SNAT sessions;.
upvoted 1 times
...
adiaz_
8 months ago
D is the correct.
upvoted 1 times
...
Ral89
8 months, 1 week ago
How can we determine if snat-route-change is disabled or enabled by looking at this output ?
upvoted 1 times
J_Olin
2 months ago
It says 'disable' on the second line of the Configuration screenshot
upvoted 1 times
...
...
Malasxd
9 months ago
Selected Answer: B
In the session show the traffic using interface 2 as outbound. I don't know why, but it is.
upvoted 1 times
Malasxd
9 months ago
Sorry. The interface number showed in session table is the interface index and not the interface number. I not sure if the index 2 own the port2. We need to trust that it's not a prank and there's not a policy route matching this traffic. I change my answer to"D"
upvoted 1 times
...
...
fy64
9 months, 2 weeks ago
Selected Answer: D
snat-route-change should be enabled in order to switch routing to port 2.
upvoted 1 times
...
lucient
9 months, 2 weeks ago
Selected Answer: D
"D" is correct. "When you disable snat-route-change, the behavior that occurs after a routing change is different for sessions using SNAT. Sessions using SNAT continue using the same outbound interface, as long as the old route is still active." Enterprise_Firewall_7.0_Study_Guide-Online.pdf - Page 146
upvoted 1 times
...
fnet007
10 months, 4 weeks ago
Took the test a few weeks ago, there is a variant on this question where the snat-route-change setting is enabled. So the answer would be B in that case.
upvoted 2 times
javim
9 months, 3 weeks ago
No, the answer would be C, the session is deleted and restablished.
upvoted 2 times
...
...
cedigger
11 months, 2 weeks ago
Selected Answer: D
D is correct
upvoted 1 times
...
Sanalthekken
1 year, 1 month ago
Selected Answer: D
With snat-route-change disable, sessions using SNAT keep using the same outbound interface, as long as the old route is still active.
upvoted 1 times
...
Dayvey
1 year, 1 month ago
Selected Answer: D
With snat-route-change enable will it perform the same action as non-natted traffic , aka it will flag the session as dirty and restablish. With snat-route-change disable it will stay on the current interface unless the interface has gone down.
upvoted 1 times
...
caleidoscopio
1 year, 1 month ago
D is correct
upvoted 1 times
...
certifi46
1 year, 2 months ago
Selected Answer: D
With snat-route-change disable, sessions using SNAT keep using the same outbound interface, as long as the old route is still active
upvoted 1 times
...
Agent1994
1 year, 2 months ago
Selected Answer: D
D: snat-route-change is disabled. Ref: Enterprise_Firewall_7.0_Study_Guide-Online 147
upvoted 1 times
...
TylerNSE
1 year, 3 months ago
The same session is remain with the original initial traffic interface. D - is correct
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago