Refer to the exhibits. The administrator increases the member priority on port2 to 20. Upon configuration changes and the receipt of new packets, which two actions does FortiGate perform on existing sessions established over port2? (Choose two answers)

A. FortiGate flags the sessions as dirty
B. FortiGate routes only new sessions over port2
C. FortiGate continues routing all existing sessions over port2
D. FortiGate updates the gateway information of the sessions with SNAT so that they use port1 instead of port2
E. FortiGate flags the SNAT session as dirty only if the administrator has assigned an IP pool to the firewall policies with NAT

Correct Answer: A,D

Brave-Dump Clients Votes

AC 100%

Comments

Anonymous User 2026-02-12 08:51:50

Selected Answers: A, C

To discuss, my own understanding :The Trigger: Because snat-route-change is enabled, FortiGate is told: "If any routing configuration changes, I need to double-check my existing SNAT sessions." The "Dirty" Flag: FortiGate flags the sessions on port2 as dirty. This doesn't kill the session; it just marks it for a re-evaluation when the next packet arrives. The Re-evaluation: FortiGate looks at the routing table again.

Port 2: Distance 1

Port 1: Distance 10

The Decision: Since Distance 1 is still strictly better than Distance 10, Port 2 remains the "Best Route." The Priority (20) is never even looked at because the tie was already broken by the Distance. The Result: Traffic stays on Port 2.