Exam NSE4_FGT-7.2 topic 1 question 27 discussion

A: Non load balance: traffic enters port1 and go out port2 from FGT1. FGT2 is in standby mode D: In proxy inspection mode, SYN packet goes to FGT1 port1. It is then forwarded to FGT2. the source MAC address of the packet is changed to the physical MAC address of port1 on the primary and the destination MAC address to the physical MAC address of port1 on the secondary. This is also known as MAC address rewrite. In addition, the primary encapsulates the packet in an Ethernet frame type 0x8891. The encapsulation is done only for the first packet of a load balanced session

D: is the only correct for me.

A & D

A. For non-load balanced connections, packets forwarded by the cluster to the server contain the virtual MAC address of port2 as source. D. For load balanced connections, the primary encapsulates TCP SYN packets before forwarding them to the secondary.

FortiGate Infrastructure 7.2 Study Guide (p.317 & p.320): "To forward traffic correctly, a FortiGate HA solution uses virtual MAC addresses." "The primary forwards the SYN packet to the selected secondary. (...) This is also known as MAC address rewrite. In addition, the primary encapsulates the packet in an Ethernet frame type 0x8891. The encapsulation is done only for the first packet of a load balanced session. The encapsulated packet includes the original packet plus session information that the secondary requires to process the traffic."

A and B. Since Secondary : FGT-1 HA Cluster index = 0

FortiGate Infrastructure 7.2 Study Guide p.320-322

Correct: A. For non-load balanced connections, packets forwarded by the cluster to the server contain the virtual MAC address of port2 as source. D. For load balanced connections, the primary encapsulates TCP SYN packets before forwarding them to the secondary. Incorrect: B. The traffic sourced from the client and destined to the server is sent to FGT-1. (not primary) C. The cluster can load balance ICMP connections to the secondary. (not enabled) FortiGate Infrastructure 7.2 Study Guide (p.317 & p.320): "To forward traffic correctly, a FortiGate HA solution uses virtual MAC addresses." "The primary forwards the SYN packet to the selected secondary. (...) This is also known as MAC address rewrite. In addition, the primary encapsulates the packet in an Ethernet frame type 0x8891. The encapsulation is done only for the first packet of a load balanced session. The encapsulated packet includes the original packet plus session information that the secondary requires to process the traffic." Reference and download study guide: https://ebin.pub/fortinet-fortigate-infrastructure-study-guide-for-fortios-72.html

A and D for A-A loadbalance traffic from the client is received on the primary's Vmac to which the packet is then sent to the secondary for inspection with the physical mac address of the primary as source. Then it comes back to primary and client to which the handshake has begun.

La C no es por que se puede sincronizar pero no hacer balanceo de ICMP

A. Is not true, always Cluster sends traffic to server using physical MAC B. Is not true, the traffic sourced from the client and destined to the server is sent to FGT-2. C. Is not true, the cluster cannot load balance ICMP connections D. Is true for load balanced connections, the primary encapsulates TCP SYN packets before forwarding them to the secondary using 0x8891 frame Everything is taken from infrastruture study guide pages 320-322

Answer is A & D

Can A really be correct? View the slide on page 322 FortiGate_Infrastructure_7.2_Study_Guide-Online.pdf It's shows secondary-physical MAC-port2 to server D is the only correct one

in mode A-A no icmp protocol can ben load balanced

correct answer is A&D

Correct answers are C and D. The cluster is in Active-Active mode and FGT1 is the secondary

Set mode is a-a not a-p