Fortinet NSE4_FGT_AD-7.6 Exam - Topic 4 Question 13 Discussion

What are three key routing principles in SD-WAN? (Choose three answers)
A) By default, SD-WAN rules are skipped if the included SD-WAN members do not have a valid route to the destination.
B) SD-WAN rules have precedence over any other type of routes.
C) Regular policy routes have precedence over SD-WAN rules.
D) By default, SD-WAN rules are skipped if only one route to the destination is available.
E) By default, SD-WAN rules are skipped if the best route to the destination is not an SD-WAN member.

Actual exam question for Fortinet's NSE4_FGT_AD-7.6 exam
Question #: 13
Topic #: 4

Suggested Answer: A, C, E

"This slide shows the SD-WAN rule lookup process. SD-WAN rules are essentially policy routes."

"FortiGate performs a forwarding information base (FIB) lookup for the packet destination IP (dstip). If the resolved interface for the fib-best-match isn't an SD-WAN member, then FortiGate moves on to the next rule. This behavior follows the key routing principle: SD-WAN rules are skipped if the best route to the destination isn't an SD-WAN member."

"If the resolved interface is an SD-WAN member, then FortiGate looks for one or more acceptable members in the oif list... An acceptable member is an alive member that has a route to the destination. This behavior follows the key routing principle: SD-WAN rules are skipped if none of the configured members in the rule have a valid route to the destination."

"Because regular policy routes have precedence over any other routes..."

"Also note that policy routes have precedence over SD-WAN rules, and over any routes in the FIB."

Technical Deep Dive:

The correct answers are A, C, and E.

A is correct because an SD-WAN rule is not enough by itself. A selected member must also be alive and have a valid route to the destination. If none of the members referenced by the rule can actually reach the destination, the rule is skipped.

C is correct because a regular policy route is evaluated before SD-WAN rules. This is a classic exam trap. FortiGate treats SD-WAN steering like policy-route logic, but standard policy routes still win if they match and are valid.

E is correct because FortiGate first checks the FIB best match. If that best route resolves to an interface that is not an SD-WAN member, FortiGate skips the SD-WAN rule and continues.

Why the others are wrong:

B is false because SD-WAN rules do not have precedence over everything; regular policy routes do.

D is false because the number of available routes is not the deciding rule. Even with only one route, SD-WAN can still steer traffic if the routing and member conditions are met.

Operationally, think of SD-WAN routing in this order: policy route check → SD-WAN rule lookup → standard FIB fallback. On FortiGate, the practical validation commands are:

get router info routing-table all

diagnose sys sdwan service

diagnose firewall proute list

That combination lets you confirm whether a packet is being captured by a policy route, whether an SD-WAN rule has acceptable members, and what the FIB currently resolves for the destination.
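
The lookup order described above, as a simplified Python model added here for illustration; it is not FortiOS code and not part of the original discussion. The names `Route`, `SdwanRule`, `lookup` and the sample topology are assumptions, and the model matches on destination only, leaving out policy-route validity checks, other rule match criteria and member selection strategy.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Route:
    prefix: str   # destination prefix
    oif: str      # outgoing interface

@dataclass
class SdwanRule:
    name: str
    dst: str        # destination prefix the rule matches
    oif_list: list  # members in order of preference

def covers(prefix, dst):
    return ipaddress.ip_address(dst) in ipaddress.ip_network(prefix)

def lookup(dst, policy_routes, sdwan_rules, fib, members, alive):
    """Return (decision, interface) for dst in this simplified model."""
    # 1. Regular policy routes are checked before SD-WAN rules.
    for pr in policy_routes:
        if covers(pr.prefix, dst):
            return ("policy-route", pr.oif)
    # FIB lookup: every route covering dst, longest prefix first.
    routes = sorted((r for r in fib if covers(r.prefix, dst)),
                    key=lambda r: ipaddress.ip_network(r.prefix).prefixlen,
                    reverse=True)
    if not routes:
        return ("no-route", None)
    best, routed = routes[0], {r.oif for r in routes}
    # 2. SD-WAN rules, top down.
    for rule in sdwan_rules:
        if not covers(rule.dst, dst):
            continue
        if best.oif not in members:
            continue  # best route is not an SD-WAN member: rule skipped
        # Acceptable member: alive and has a route to the destination.
        ok = [m for m in rule.oif_list if m in alive and m in routed]
        if ok:
            return ("sdwan:" + rule.name, ok[0])
        # No acceptable member: rule skipped, try the next one.
    # 3. Fall back to the FIB best match.
    return ("fib", best.oif)

# Constructed sample topology (not from the page).
MEMBERS = {"port1", "port2"}
FIB = [Route("0.0.0.0/0", "port1"), Route("0.0.0.0/0", "port2"),
       Route("10.0.0.0/8", "port3")]
RULES = [SdwanRule("critical", "0.0.0.0/0", ["port2", "port1"])]
PROUTES = [Route("192.0.2.0/24", "port4")]
```

Calling `lookup("10.1.1.1", PROUTES, RULES, FIB, MEMBERS, MEMBERS)` falls through to the FIB because the best match resolves to `port3`, which is not an SD-WAN member, even though the rule's destination covers the address.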

