Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet Exam NSE8_812 Topic 1 Question 22 Discussion

Actual exam question for Fortinet's NSE8_812 exam
Question #: 22
Topic #: 1
[All NSE8_812 Questions]

An HA topology is using the following configuration:

Based on this configuration, how long will it take for a failover to be detected by the secondary cluster member?

Show Suggested Answer Hide Answer
Suggested Answer: B, D, E

Bmust be set to enable mode-cfg, which is required for injecting IKE routes on the ADVPN shortcut tunnels.

Dmust be set to enable add-route, which is the command that actually injects the IKE routes.

Emust be set to enable mode-cfg-allow-client-selector, which allows custom phase 2 selectors to be configured.

The other options are incorrect. Option A is incorrect because net-device disable is not required for injecting IKE routes on the ADVPN shortcut tunnels. Option C is incorrect because IKE version 1 is not supported for ADVPN.

References:

Phase 2 selectors and ADVPN shortcut tunnels | FortiGate / FortiOS 7.2.0

Configuring SD-WAN/ADVPN with FortiGate | FortiGate / FortiOS 7.2.0


by Laurene at May 13, 2024, 12:55 PM

Limited Time Offer

25%

Off

Get Premium NSE8_812 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Sabra
1 months ago
A) 600ms? Whoa, that's like a whole lifetime in the tech world! By the time the failover happens, the primary cluster member will have already been on vacation for a week.
upvoted 0 times
Keena
23 hours ago
A) 600ms? That's way too long for a failover!
upvoted 0 times
...
Verlene
2 days ago
C) 300ms
upvoted 0 times
...
Filiberto
11 days ago
B) 200ms
upvoted 0 times
...
...
Evangelina
1 months ago
I'm going with B) 200ms. It's a happy medium between being too fast and too slow. Gotta keep that failover snappy, you know?
upvoted 0 times
Cassie
18 days ago
I think A) 600ms is too slow for failover detection.
upvoted 0 times
...
...
Glory
2 months ago
D) 100ms? That's way too fast. These clusters need some time to communicate and make sure there's a real failure before switching over.
upvoted 0 times
Carmelina
15 days ago
B) 200ms
upvoted 0 times
...
Paz
25 days ago
A) 600ms
upvoted 0 times
...
...
Carey
2 months ago
Hmm, I think the answer is C) 300ms. That delay seems like a reasonable time for the secondary cluster member to detect a failover.
upvoted 0 times
Ria
7 days ago
D) 100ms seems too short for failover detection, I would go with a longer delay.
upvoted 0 times
...
Kimbery
28 days ago
I'm leaning towards B) 200ms, a quicker response time could be more efficient.
upvoted 0 times
...
Lindy
1 months ago
I think it might be A) 600ms, a longer delay could be safer for failover detection.
upvoted 0 times
...
Golda
1 months ago
I agree, C) 300ms sounds like a reasonable time for failover detection.
upvoted 0 times
...
...
Chaya
2 months ago
I'm confident in my answer because the configuration shows a longer detection time.
upvoted 0 times
...
Kendra
2 months ago
I disagree, I believe it's B) 200ms.
upvoted 0 times
...
Chaya
2 months ago
I think the answer is A) 600ms.
upvoted 0 times
...

Save Cancel