Q1

A financial services company is deploying a FortiGate HA cluster in active-passive mode between two data centers using a stretched VLAN for the HA heartbeat. During a network event, administrators observe that both FortiGates temporarily become master, creating a split-brain scenario. Which FortiOS HA setting is specifically designed to mitigate this condition by allowing a master to shut down monitored interfaces on the secondary unit if it fails to receive heartbeats?

Q2

An architect is designing a secure SD-WAN solution for a retail company with 200 branches. Each branch has one MPLS link and one broadband internet link. The primary requirement is that real-time Point of Sale (POS) traffic must always be sent over both links simultaneously to ensure zero packet loss, even if one link experiences intermittent degradation. All other traffic should fail over based on link quality. Which SD-WAN feature must be configured to meet the requirement for the POS traffic?

Q3 (Multiple answers)

A security engineer has created an automation stitch to block suspicious source IPs that trigger a specific IPS signature. The stitch is configured with a trigger for 'IPS Signature' and an action to add the source IP to an address group used in a deny policy. However, the stitch is not working as expected. During troubleshooting, the engineer observes that the trigger event is generated correctly in the logs. Which TWO of the following configuration issues could be the cause of the failure? (Select TWO).

Q4

True or False: When configuring BGP route redistribution into OSPF on a FortiGate, the `redistribute bgp` command under `router ospf` is sufficient to advertise BGP routes to OSPF neighbors without any additional route maps or filters.

Q5

A systems administrator is configuring a FortiGate to act as a SAML Service Provider (SP) for administrative access. The Identity Provider (IdP) is a third-party service. After configuring the SAML settings, authentication fails. The SAML debug output indicates a `SubjectNotOnOrAfter` error. What is the most likely cause of this issue?

Q6

An organization uses FortiClient EMS to manage endpoints and enforce compliance. The security team wants to implement a Zero Trust Network Access (ZTNA) policy where only endpoints with an active FortiClient, a specific software version installed, and a high security posture tag can access internal applications. Which component is responsible for collecting the endpoint posture information and assigning the relevant ZTNA tags?

Q7

A large enterprise has deployed FortiGate 7000 series chassis in their data centers. A network architect needs to explain the data path for traffic that can be fully offloaded by the NP7 processors. Which option correctly describes the 'fast path' for a TCP session through the chassis?

Q8

An engineer is using the FortiGate REST API to automate the creation of firewall address objects. The following Python code snippet is used to send the request. Assuming the API key and FortiGate IP are correct, what must be added to the request headers for it to be accepted by the FortiGate?

```python
import requests

api_key = 'your_api_key'
fg_ip = '10.0.1.1'
headers = {
    'Authorization': f'Bearer {api_key}',
    # Missing header here
}
url = f'https://{fg_ip}/api/v2/cmdb/firewall/address'
response = requests.post(url, headers=headers, verify=False)
```

Q9

A global enterprise has a complex hub-and-spoke ADVPN deployment. They are experiencing issues where spoke-to-spoke shortcut tunnels are not forming for VoIP traffic, causing calls to hairpin through the hub and increasing latency. The IPsec, BGP, and underlying network connectivity have been verified as correct. What is a common ADVPN-specific reason for this behavior?

Q10

A consultant is reviewing an SD-WAN deployment where application performance is poor despite having two high-quality internet links. The configuration uses a performance SLA with latency, jitter, and packet loss thresholds. The SD-WAN rule is set to 'Best Quality'. The consultant observes from the performance SLA logs that both links are consistently marked as 'dead' (red), even though manual ping tests show low latency and no loss. What is the most likely configuration error?