What are two advantages of using an IPsec recommended template to configure an IPsec tunnel in an hub-and-spoke topology? (Choose two.)
Answer : A, B
The use of an IPsec recommended template offers the advantage of ensuring consistent settings between phase1 and phase2 (A), which is essential for the stability and security of the IPsec tunnel. Additionally, it guides the administrator to use Fortinet's recommended settings (B), which are designed to optimize performance and security based on Fortinet's best practices. Reference: The benefits of using IPsec recommended templates are outlined in Fortinet's SD-WAN documentation, which emphasizes the importance of consistency and adherence to recommended configurations.
Refer to the exhibits.


Exhibit A shows the SD-WAN rule status and the learned BGP routes with community 65000:10.
Exhibit B shows the SD-WAN rule configuration, the BGP neighbor configuration, and the route map configuration.
The administrator wants to steer corporate traffic using routes tags in the SD-WAN rule ID 1.
However, the administrator observes that the corporate traffic does not match the SD-WAN rule ID 1.
Based on the exhibits, which configuration change is required to fix issue?
Answer : A
What are two common use cases for remote internet access (RIA)? (Choose two.)
Answer : B, C
B . Provide internet access through the hub: This involves routing branch or remote office internet traffic through a central hub, ensuring consistent security policies and possibly better management of network resources.
C . Centralize security inspection on the hub: With this approach, all internet-bound traffic from various spokes is inspected at the hub, leveraging centralized security mechanisms for thorough inspection and policy enforcement.
Refer to the exhibit.

The exhibit shows the SD-WAN rule status and configuration.
Based on the exhibit, which change in the measured packet loss will make T_INET_1_0 the new preferred member?
Answer : A
Refer to the exhibit.

An administrator is troubleshooting SD-WAN on FortiGate. A device behind branch1_fgt generates traffic to the 10.0.0.0/8 network. The administrator expects the traffic to match SD-WAN rule ID 1 and be routed over T_INET_0_0. However, the traffic is routed over T_INET_1_0.
Based on the output shown in the exhibit, which two reasons can cause the observed behavior? (Choose two.)
Answer : A, C
SD-WAN strategy is Lowest Cost (SLA) as indicated by the 'Mode(sla)' flag. Cost SLA uses SLA target, cost, and priority (i.e., interface preference - or order of config unless manually overridden by admin config) as the criteria -- in that order. Both members meet the target, both have 0 cost, and therefore member 3 (T_INET_0) wins the 'priority' tiebreaker. So if there is a valid route to the destination through member 3, it will win. The fact that it does not has nothing to do with the configured static route/member priority, which according to SG page 197 'is used as a tiebreaker for ECMP routes when matching implicit SD-WAN rule.'
Refer to the exhibits.
Exhibit A

Exhibit B

Exhibit A shows an SD-WAN event log and exhibit B shows the member status and the SD-WAN rule configuration.
Based on the exhibits, which two statements are correct? (Choose two.)
Answer : A, C
Which are two benefits of using CLI templates in FortiManager? (Choose two.)
Answer : A, D