Welcome to Pass4Success


Fortinet Exam NSE7_EFW-7.2 Topic 2 Question 5 Discussion

Actual exam question for Fortinet's NSE7_EFW-7.2 exam
Question #: 5
Topic #: 2

An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device. What can the administrator do to fix this problem?

Suggested Answer: B

Virtual MAC Address and Failover

- The new primary broadcasts Gratuitous ARP packets to notify the network that each virtual MAC is now reachable through a different switch port.

- Some high-end switches might not clear their MAC table correctly after a failover. Solution: force the former primary to shut down all its interfaces for one second when the failover happens (excluding heartbeat and reserved management interfaces):

config system ha
    set link-failed-signal enable
end

- This simulates a link failure that clears the related entries from the MAC table of the switches.
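
An added example, not from the original page or from Fortinet: a Python check that reads a FortiOS configuration backup and reports whether link-failed-signal is enabled in the config system ha block, so the setting can be verified on every cluster member. The sample configuration, the function names, and the rule that a missing line counts as not enabled are assumptions.

```python
# Constructed sample of a FortiOS configuration backup (not from a real device).
SAMPLE_CONFIG = """\
config system global
    set hostname "fgt-a"
end
config system ha
    set group-name "cluster1"
    set mode a-p
    set hbdev "port3" 50
    config ha-mgmt-interfaces
        edit 1
            set interface "port4"
        next
    end
    set link-failed-signal enable
end
"""


def ha_settings(config_text):
    """Return the top-level 'set' values of the 'config system ha' block."""
    settings, depth, in_ha = {}, 0, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            # Only a block opened at the top level can be 'config system ha'.
            if depth == 0 and line == "config system ha":
                in_ha = True
            depth += 1
        elif line == "end":
            depth -= 1
            if depth == 0:
                in_ha = False
        elif in_ha and depth == 1 and line.startswith("set "):
            # Nested sub-blocks sit at depth 2 and are skipped here.
            parts = line.split(None, 2)
            if len(parts) == 3:
                settings[parts[1]] = parts[2]
    return settings


def link_failed_signal_enabled(config_text):
    # Assumption: a missing line means the option is not enabled.
    return ha_settings(config_text).get("link-failed-signal") == "enable"


if __name__ == "__main__":
    print("link-failed-signal enabled:", link_failed_signal_enabled(SAMPLE_CONFIG))
```
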


Contribute your Thoughts:

Roxane
8 months ago
Hmm, I'm not so sure about option B. Enabling the link-failed signal might work, but it seems a bit outdated. I'd go with the send-garp-on-failover option myself.
upvoted 0 times
Josephine
7 months ago
Sounds good, let's try option D.
upvoted 0 times
...
Sheron
8 months ago
Let's go with option D then.
upvoted 0 times
...
Melita
8 months ago
I have had success with option D in the past.
upvoted 0 times
...
Geraldo
8 months ago
I'm not sure, option C could also be a valid solution.
upvoted 0 times
...
Valentin
8 months ago
I disagree, I believe option D is the correct solution.
upvoted 0 times
...
Harris
8 months ago
I think option A is the best choice here.
upvoted 0 times
...
...
Sage
8 months ago
You know, I was reading about this the other day. I believe the remote link monitoring option (C) is also a good choice. That way, the FortiGates can detect issues in the forwarding path and trigger a failover faster.
upvoted 0 times
...
Roslyn
8 months ago
I think option D looks promising. Enabling the send-garp-on-failover setting should help the switches update their MAC address tables and start sending traffic to the new primary device.
upvoted 0 times
...
Margery
8 months ago
Hmm, this question seems pretty tricky. We need to make sure the switches stop sending traffic to the former primary device after an HA failover.
upvoted 0 times
...
