Question 1
Question
HA Operation modes
Question 2
Question
one of the main differences in the active-passive mode:
Answer
-
is that in the active-active mode, all of the FortiGate devices are processing traffic. One of the tasks of a primary FortiGate in active-active mode is to balance some of the traffic among all the secondary devices.
-
is that in the active-passive mode, all of the FortiGate devices are processing traffic. One of the tasks of a primary FortiGate in active-passive mode is to balance some of the traffic among all the secondary devices.
Question 3
Question 4
Question
FGCP run over the hearbeat links and FortiASIC NPE interfaces.
Question 5
Question 6
Question
TCP Port 23 and TCP Port 703 user what types of ethernet type values?
Answer
-
TCP Port 703:
0x8890 - NAT mode
0x8891 - Transparent mode
TCP Port 23:
0x8893 - Configuration synchronization
-
TCP Port 23:
0x8890 - NAT mode
0x8891 - Transparent mode
TCP Port 703:
0x8893 - Configuration synchronization
Question 7
Question
FortiGate HA configuration requires a specific set up and devices. First, at least two, but up to four, FortiGate devices with the same: (Select 4)
Answer
-
Firmware
-
Hardware model and VM license FortiGuard , FortiCloud, and FortiClient licenses
-
Hard drive capacity and partitions
-
Operating mode (transparent or NAT)
-
FortiOS
-
VPN configuration
-
Inspection mode (flow based or proxy mode)
Question 8
Question
What if one of the FortiGate device has a lower level of licensing than other FortiGate devices in the cluster?
Answer
-
All of the FortiGates in the cluster will revert to that lower licensing level. For example, if you only purchase FortiGuard Web Filtering for one of the FortiGate devices in a cluster, when the cluster is operating, none of the cluster members will support FortiGuard Web Filtering.
-
All of the FortiGates in the cluster will revert to the maximum licensing level. For example, if you purchase FortiGuard Web Filtering for one of the FortiGate devices in a cluster, when the cluster is operating, all of the cluster members will support FortiGuard Web Filtering.
Question 9
Question
HA communication is called:
Answer
-
hearbeat traffic
-
FGCP
-
High Availability
Question 10
Question
For redundancy, how many hearbeat interfaces can be created?
Answer
-
Up to eight
-
Up to ten
-
Up to six
Question 11
Question
As a best practice (and Fortinet recommendation), configure the FortiGate interfaces with DHCP addresses when forming an HA cluster. Once an HA is formed, you can configure the DHCP or PPPoE addressing for an interface. If an interface is configured for static addresses, enabling HA may result in the interface receiving an incorrect address, or not being able to connect to the server correctly.
Question 12
Question
1- [blank_start]Connected monitored ports[blank_end]
2- [blank_start]HA Uptime[blank_end]
3- [blank_start]Priority[blank_end]
4- [blank_start]Serial Number[blank_end]
Question 13
Question
1- [blank_start]Connected monitored ports[blank_end] - The cluster first compares the number of monitored interfaces whose statuses are up. The FortiGate device with the most available monitored interfaces becomes the primary.
2- [blank_start]HA Uptime[blank_end] - The cluster compares the HA uptimes of the individual devices. If the HA uptime of a device is at least five minutes more than the HA uptimes of the other FortiGates, it becomes the primary.
3- [blank_start]Priority[blank_end] - The FortiGate with the configured highest priority becomes the primary.
4- [blank_start]Serial number[blank_end] - The cluster chooses the primary by comparing the serial numbers.
Question 14
Question
Command to force a failover event:
Question 15
Question
Force a failover with override enable
Question 16
Question
To form an HA cluster, all FortiGate devices that will be included in the cluster must have which of the following?
Question 17
Question
What is the default criteria (override disabled) for selecting the high availability (HA) primary device in an HA cluster?