NSE 7 – Enterprise Firewall 7.0 — Question 2

An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device.
What can the administrator do to fix this problem?

Answer options

• A. Configure remote link monitoring to detect an issue in the forwarding path.
• B. Configure set send-garp-on-failover enable under config system ha on both cluster members.
• C. Verify that the speed and duplex settings match between the FortiGate interfaces and the connected switch ports.
• D. Configure set link-failed-signal enable under config system ha on both cluster members.

Correct answer: D

Explanation

The correct answer is D because enabling link-failed-signal allows the FortiGate devices to notify the connected switches of a link failure, helping to prevent traffic from being sent to a downed device. Options A and B do not directly resolve the issue of switches still sending traffic to the former primary device, while option C is more about ensuring proper configuration rather than addressing the failover problem.