Which two pieces of information are synchronized between FortiGate HA members? (Choose two.)
IPsec security associations
IPsec security associations (SAs) are synchronized between HA members to ensure seamless failover and continuity of VPN tunnels.
DHCP leases
DHCP lease information is synchronized between HA members to maintain consistent IP address assignments and prevent disruptions when failover occurs.
Refer to the exhibits.
FGT-1 and FGT-2 are updated with HA configuration commands shown in the exhibit.
What would be the expected outcome in the HA cluster?
With the override setting enabled and a higher priority configured on FGT-2, it will preempt FGT-1 and become the primary unit in the HA cluster.
Refer to the exhibit, which shows an SD-WAN zone configuration on the FortiGate GUI.
Based on the exhibit, which statement is true?
The 'd-wan' zone in FortiGate SD-WAN configuration is the default SD-WAN zone created when SD-WAN is enabled. This zone contains all the interfaces assigned to SD-WAN and is essential for the functionality of the SD-WAN feature. The 'd-wan' zone cannot be deleted because it is required for SD-WAN operations. Option A is incorrect because the underlay zone does not contain port1. Options B and D are incorrect because they incorrectly describe the configuration of zones.
FortiOS 7.4.1 Administration Guide: SD-WAN Zone Configuration
An administrator configures FortiGuard servers as DNS servers on FortiGate using default settings.
What is true about the DNS connection to a FortiGuard server?
By default, DNS queries to FortiGuard servers use UDP port 53.
Refer to the exhibits, which show a diagram of a FortiGate device connected to the network. VIP object configuration, and the firewall policy configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port3) interface has the IP address 10.0.1.254/24.
If the host 10.200.3.1 sends a TCP SYN packet on port 8080 to 10.200.1.10, what will the source address, destination address, and destination port of the packet be at the time FortiGate forwards the packet to the destination?
The source address remains 10.200.3.1 because FortiGate does not modify the source address by default unless NAT is applied (which is disabled in the policy).
The destination address is translated to 10.0.1.10 by the VIP (Virtual IP) object, as this is the internal server address mapped to the external IP 10.200.1.10.
The destination port is translated from 8080 to 80 as per the port forwarding rule configured in the VIP object.
