NSE 7 – Enterprise Firewall 6.2 — Question 20

An administrator has configured two FortiGate devices for an HA cluster. While testing the HA failover, the administrator notices that some of the switches in the network continue to send traffic to the former primary unit. The administrator decides to enable the setting link-failed-signal to fix the problem.
Which statement about this command is true?

Answer options

• A. It forces the former primary device to shut down all its non-heartbeat interfaces for one second while the failover occurs.
• B. It disables all the non-heartbeat interfaces in all the HA members for two seconds after a failover.
• C. It sends a link failed signal to all connected devices.
• D. It sends an ARP packet to all connected devices, indicating that the HA virtual MAC address is reachable through a new master after a failover.

Correct answer: A

Explanation

The correct answer is A because the link-failed-signal command is designed to force the former primary device to shut down its non-heartbeat interfaces temporarily to prevent traffic from being sent to it during failover. Options B, C, and D do not accurately describe the function of the link-failed-signal command and therefore are incorrect.