View all questions & answers for the NSE 6 - Network Security 7.6 Support Engineer Materials exam


NSE 6 - Network Security 7.6 Support Engineer Materials-Question 50 Discussion

Refer to the exhibit. What is the most likely reason that the local FortiGate is not receiving any prefixes from its neighbors? (Choose one answer)

  • A. The router 100.64.3.1 is waiting for the OPEN message from the local router.
  • B. The RIB-OUT configuration for router 10.127.0.75 prevents any route advertisement to the local router.
  • C. The local router is waiting for the keepalive message from the router 10.125.0.60.
  • D. None of the three neighbors has successfully established the TCP three-way handshake with the local router.
Correct Answer: B

Brave-Dump Clients Votes

B 66.67%
D 33.33%

Comments



Fatma Salih 2026-01-22 22:03:34

Selected Answers: B


A is wrong because peer is trying to connect via tcp 189

C peer is waiting for open msg.

D wrong because two peers already moved passed the tcp handshake process

Anonymous User 2026-04-06 05:04:10

Selected Answers: D


Option D is correct. Below is the explanation

D. None of the three neighbors has successfully established the TCP three-way handshake with the local router.

Why this is the correct answer:
To receive prefixes (routes) via BGP, the session state must be Established. Looking at the State/PfxRcd column for all three neighbors, none of them are in the established state:

10.125.0.60 is in the OpenSent state. This means the local router sent an OPEN message and is waiting for one in return, but the full BGP handshake is not complete.

10.127.0.75 shows a state of 0. While the "Up/Down" timer shows it has been active for over 2 hours, the "0" indicates that zero prefixes have been received, often implying the session is not fully functional or no routes are being shared.

100.64.3.1 is in the Active state. In BGP terms, "Active" actually means the router is actively trying to establish a TCP connection but has failed to do so.

Why the other options are incorrect:
A: 100.64.3.1 is in the Active state, meaning it is still trying to establish the underlying TCP connection; it hasn't reached the point of waiting for BGP OPEN messages yet.

B: While a RIB-OUT policy could prevent the neighbor from receiving routes, it doesn't explain why the local router is receiving 0 prefixes from a neighbor that isn't even fully established.

C: The OpenSent state for 10.125.0.60 indicates it is waiting for an OPEN message, not a keepalive. Keepalives are only exchanged after the OPEN messages are confirmed.

Anonymous User 2026-04-10 00:55:04

Selected Answers: B


https://community.fortinet.com/t5/FortiGate/Technical-Tip-BGP-neighbor-adjacency-states/ta-p/208989