NSE 8 – Network Security Expert (812) — Question 80
You are migrating the branches of a customer to FortiGate devices. They require independent routing tables on the LAN side of the network.
After reviewing the design, you notice the firewall will have many BGP sessions, as you have two data centers (DC) and two ISPs per DC, while each branch is using at least 10 internal segments.
Based on this scenario, what would you suggest as the more efficient solution, considering that in the future the number of internal segments, DCs or internet links per DC will increase?
Answer options
- A. No change in design is needed as even small FortiGate devices have a large memory capacity
- B. Acquire a FortiGate model with more capacity, considering the next 5 years' growth
- C. Implement network-id, neighbor-group and increase the advertisement-interval
- D. Redesign the SD-WAN deployment to only use a single VPN tunnel and segment traffic using VRFs on BGP
Correct answer: D
Explanation
The correct answer is D because redesigning the SD-WAN deployment to use a single VPN tunnel, with traffic segmented using VRFs on BGP, reduces complexity and resource usage and scales better as more segments are added. Options A and B do not address the underlying issue of managing numerous BGP sessions and may lead to performance bottlenecks. Option C offers some improvements but does not provide the comprehensive solution needed for future growth.