A network architect is designing a resilient campus network using a FortiGate HA Active-Passive cluster connected to a pair of core FortiSwitches in a stack. The design requires that downstream access switches maintain connectivity during a FortiGate failover event. Which configuration is essential on the core FortiSwitch stack to ensure seamless failover and connectivity?
Q2 (Multiple answers)
A security administrator is hardening untrusted access-layer FortiSwitch ports against common Layer 2 spoofing attacks. To create a multi-layered defense, they plan to implement DHCP Snooping, Dynamic ARP Inspection (DAI), and IP Source Guard. Which THREE statements accurately describe the implementation and dependencies of these features? (Select THREE)
Q3
An administrator manages a large-scale deployment of over 100 FortiSwitches using a global FortiSwitch Template on a FortiGate. A new requirement mandates that all switches in the engineering department's wiring closets must have PoE disabled on ports 1-12. What is the most efficient and scalable method to apply this specific configuration without affecting the other 80+ switches?
Q4
**Case Study:** A hospital is overhauling its campus network using a FortiGate 1800F cluster and multiple stacks of FortiSwitch 448E models. The primary goal is to enforce strict segmentation and security while ensuring high performance for critical systems. The network must support three main user groups: Medical Devices (IoMT), Administrative Staff, and a public Guest Wi-Fi network.

**Requirements:**

1. **IoMT Network (VLAN 100):** Devices must be completely isolated from each other at Layer 2 to prevent lateral movement of malware. However, they all need to communicate with a central IoMT management server located in the data center. This traffic is latency-sensitive.
2. **Admin Network (VLAN 200):** Staff devices need to communicate with each other and with corporate servers. Access to the IoMT network is strictly forbidden.
3. **Guest Network (VLAN 300):** Guest devices must be isolated from each other and only have access to the internet. They must not be able to reach any internal network resources.

**Current Plan:** The administrator plans to use a single VDOM on the FortiGate and create separate VLANs for each group. All inter-VLAN routing will be handled by the FortiGate.

Given these stringent requirements, which design modification provides the most robust and efficient solution for the IoMT and Guest networks on the FortiSwitch access layer?
Q5
An administrator is deploying a new fleet of VoIP phones and wants to leverage the FortiSwitch infrastructure to automatically provision them with the correct VLAN and Quality of Service (QoS) settings upon connection. Which protocol should be configured on the switch ports to achieve this?
Q6
A network operations team is experiencing intermittent high CPU utilization on a core FortiSwitch. They suspect an application is generating excessive broadcast or unknown unicast traffic, but enabling storm control has not logged any dropped packets. To identify the source traffic without the performance impact of a full packet capture (SPAN), what is the most appropriate monitoring feature to configure?
Q7
True or False: When configuring 802.1X port-based authentication on a FortiSwitch, a 'Guest VLAN' can be configured to automatically assign limited network access to endpoints that fail the RADIUS authentication process.
Q8
A network architect is implementing Multiple Spanning Tree Protocol (MSTP) on a multi-tier FortiSwitch campus network to optimize load balancing for different VLANs. What is the most critical configuration parameter that must be identical across all switches participating in the same MSTP region to ensure they can interoperate correctly?
Q9
A network engineer is troubleshooting a FortiSwitch stack and needs to verify the health and statistics of the dedicated link between the two chassis in the MCLAG domain. Which CLI command will display this specific information? `diagnose switch mclag ______`
Q10
A financial services company is using FortiSwitch Private VLANs (PVLANs) to enforce strict Layer 2 isolation for servers belonging to different clients, even though they are in the same IP subnet. A shared backup server must be able to initiate connections to all isolated client servers. The client servers must not be able to communicate with each other. What PVLAN port type must be configured for the port connected to the shared backup server?