View all questions & answers for the NSE 6 – SD-WAN 7.6 Enterprise Administrator Exam Materials exam
NSE 6 – SD-WAN 7.6 Enterprise Administrator Exam Materials-Question 50 Discussion
Comments
Selected Answers: A, B
GoToMeeting uses HTTPS. Without deep/full SSL inspection, FortiGate cannot inspect the encrypted payload to reliably identify the application via app-control signatures. Only certificate-based identification (SNI/cert CN) works, which isn't always sufficient. This is a documented cause for app-control missing HTTPS traffic.
B. The session 3-tuple did not match any of the existing entries in the ISDB application cache. ✅ True
Per Fortinet docs: FortiGate builds an ISDB application cache keyed on 3-tuple (src, dst, dport). When the first packet of a new session arrives, if the 3-tuple isn't cached, SD-WAN uses the implicit rule. After app detection, the cache is populated and the session is marked dirty for re-evaluation — but the initial log entry shows the implicit rule match.
C. ❌ False — session is marked dirty and re-routed after app detection.
D. ❌ False — Rule 1 includes Collaboration category which covers GoToMeeting.
Refer to the exhibits. An administrator is testing application steering in SD-WAN. Before generating test traffic, the administrator collected the information shown in the first exhibit. After generating GoToMeeting test traffic, the administrator examined the corresponding traffic log on FortiAnalyzer, which is shown in the second exhibit. The administrator noticed that the traffic matched the implicit SD-WAN rule, but they expected the traffic to match rule ID 1. Which two reasons explain why some log messages show that the traffic matched the implicit SD-WAN rule? (Choose two answers)
Brave-Dump Clients Votes