NSE 5 - FortiSASE and SD-WAN 7.6 Core Administrator Exam Materials-Question 50 Discussion

Refer to the exhibit. An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over HUB1-VPN1. However, the traffic is routed over HUB1-VPN3. Based on the output shown in the exhibit, which two reasons, individually or together, could explain the observed behavior? (Choose two answers)

  • A. HUB1-VPN1 does not have a valid route to the destination.
  • B. HUB1-VPN3 has a lower route priority value (higher priority) than HUB1-VPN1.
  • C. HUB1-VPN3 has a higher member configuration priority than HUB1-VPN1.
  • D. The traffic matches a regular policy route configured with HUB1-VPN3 as the outgoing device.
Correct Answer: A,D

Brave-Dump Clients Votes

AD 100%

Comments



Diaa El-rayse 2026-04-28 19:04:00

Selected Answers: A, D


The question asks for two reasons that could make this happen; route priority is only considered when we have multiple static routes.


Rocky 2026-06-04 09:48:27

Selected Answers: A, D


1. Why Option A is Correct (Valid Route Requirement)

In FortiOS, for an interface member to be selectable by an SD-WAN rule, it must have a valid active route to the destination within the firewall's main routing table (RIB/FIB).

Looking at the third command output (get router info routing-table all | grep HUB1):

  • There is only a valid entry for the target network 10.0.0.0/8 via HUB1-VPN3 (via HUB1-VPN3 tunnel 172.16.1.5).
  • There is no route for the 10.0.0.0/8 network pointing to HUB1-VPN1.

Because HUB1-VPN1 lacks a valid routing path to that destination network, the SD-WAN engine automatically bypasses it as an unavailable route.

2. Why Option D is Correct (Policy Route Precedence)

In the FortiOS packet flow and routing lookup order, regular Policy-Based Routes (PBR) configured under Network > Policy Routes are evaluated before SD-WAN rules.

If an administrator previously set up a manual policy route that matches the 10.0.0.0/8 traffic and forces it out via HUB1-VPN3, the firewall will forward the packet instantly using that policy route, completely skipping the SD-WAN ruleset.

Why the other options are incorrect:

B & C: Even though HUB1-VPN3 shows a member priority value of 1 (which is numerically lower/preferred over 15), the diagnose sys sdwan service 4 output clearly specifies Tie break: cfg (configuration order). Because the rule relies strictly on configuration order rather than member priority weights, interface priority values are ignored during this rule evaluation.