Exam NSE7_EFW-7.0 topic 1 question 41 discussion

Correct answer is B. Return packet routing back to the source follows this format gwy=10.200.1.254 (this is the gateway to the dest) / 10.1.0.1 (this is the destination's gateway back to the source) Study guide P 140

B - is only correct. 10.1.0.1 - is a gateway for the reply.

I've just taken the exam and I think the correct answer is indeed B for question 41, I answered with C assuming there is a typo and it should be 10.1.10.10, but I don't think there will be a typo in an official exam like this, Good luck to everyone, I've only had 2 mistakes, one in System Tshoot, and the other in VPN (I'm quite sure that was the question 56 with answer auto-discovery-sender).

I think it's "C", but there is a typo. The session is from 10.1.10.TEN (last zero is missing) to 10.200.5.1. B is wrong, because the return traffic will come to the nated IP 10.200.1.1 as showed in the "reply" line: 10.200.5.1:60430 -> 10.200.1.1:0

B Enterprise_Firewall_7.0_Study_Guide-Online.pdf page 140

B is the correct answer. Go through pg. 136, 137, 138, 139 & 140 from study guide. This session entry is for ICMP echo response with gateway to source identified which is 10.1.0.1. Considering fortigate objective of keeping flow symmetric, return traffic will sent to identified gateway.

I believe B is the correct answer, based on the Source gateway. But isnt this asynchronous routing?

10.1.0.1 gt to source

A / Eliminated (wrong destination, 10.200.1.1 = SNAT egress interface) C / Eliminated (wrong source ip) D / wrong GW for return traffic to the initiation Correct answer : B return traffic is sent to GW 10.1.10.1

.It's B C - It is an ICMP session from 10.1.10.1 to 10.200.5.1 - The source is wrong

proto_state = 00 (icmp) icmp session from 10.1.10.10 to 10.200.5.1

B -> its the gateway for the reply

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-FortiGate-session-table-information/ta-p/196988?externalId=FD30042

there is a typo in the choice B. It should ne 10.1.0.10. So, B is the correct answer.

There is an error in the answer. Should be: B Return traffic to the initiator is sent to 10.1.0.10

A / Eliminated (wrong destination, 10.200.1.1 = SNAT egress interface) C / Eliminated (wrong source ip) D / wrong GW for return traffic to the initiation Correct answer : B return traffic is sent to GW 10.1.10.1

I believe it is C