Fortinet NSE5_FSW_AD-7.6 Exam - Topic 4 Question 7 Discussion

According to theFortiOS 7.6 Administration Guideand theFortiSwitch 7.6 Study Guide, multi-tenancy in a FortiLink-managed environment allows a central FortiGate to partition a managed FortiSwitch fabric so that different ports can belong to different Virtual Domains (VDOMs). This is essential for Managed Service Providers (MSPs) who need to isolate client traffic at the hardware layer.

The documentation identifies two primary methods for achieving this assignment:

Assign to a VLAN and Perform VDOM Mapping (Option A):This is the most common method. The administrator creates a VLAN on the FortiLink interface and assigns it to a specific VDOM on the FortiGate. By assigning a physical FortiSwitch port to that specific VLAN, the port's traffic is logically terminated within the target VDOM. TheVDOM mappingensures that the switch-controller identifies which VDOM 'owns' the traffic originating from that specific port/VLAN combination.

Create a Virtual Port Pool (Option B):For more advanced multi-tenancy, administrators can use the FortiGate CLI to create aVirtual Port Pool. This feature allows the FortiGate to 'pool' physical switch ports and present them as logical resources that can be distributed across various VDOMs. This method provides greater flexibility in resource allocation without requiring the entire FortiLink interface to be moved.

Regarding the incorrect options:Option Cis incorrect because in a managed environment, the FortiSwitch CLI is not used for VDOM assignments; all orchestration must happen from the FortiGate.Option Dis incorrect because while you can move a FortiLink interface to a VDOM, this would move theentireswitch management and all its ports to that VDOM, which does not support a multi-tenant setup where different ports need to reside in different VDOMs.