NSE 7 — Enterprise Firewall — Question 9

An administrator has configured two FortiGate devices for an HA cluster. While testing HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary device.
What can the administrator do to fix this problem?

Answer options

• A. Configure set link-failed-signal enable under config system ha on both cluster members
• B. Configure set send-garp-on-failover enable under config system ha on both cluster members.
• C. Configure remote link monitoring to detect an issue in the forwarding path.
• D. Verify that the speed and duplex settings match between the FortiGate interfaces and the connected switch ports.

Correct answer: A

Explanation

The correct answer is A because enabling the link-failed-signal allows the HA cluster to communicate the failure to the connected switches, preventing them from sending traffic to the old primary device. Option B, while it may assist in notifying switches, isn't as directly effective as option A for this specific issue. Option C focuses on monitoring rather than solving the immediate problem, and option D addresses configuration but does not relate to the HA failover scenario.