A customer wants to secure the network shown in the exhibit with a full redundancy design.
Which security design would you use?
A. Place a FortiGate FGCP Cluster between DD and AA, then connect it to SW1, SW2, SW3, and SW4.
B. Place a FortiGate FGCP Cluster between BB and CC, then connect it to SW1, SW2, SW3, and SW4.
C. Place a FortiGate FGCP Cluster between BB and AA, then connect it to SW1, SW2, SW3, and SW4.
D. Place a FortiGate FGCP Cluster between DD and FF, then connect it to SW1, SW2, SW3, and SW4.
Why not CC and BB?
Because it leaves your two switches (SW3 and SW4) unprotected. I think they were trying to be tricky with this one. You’re thinking north and south switches, which is common, meaning SW1 and SW2 are LAN-side switches whilst SW3 and SW4 are WAN-side switches, but that is not specified anywhere to be the case. Thus you have to assume you protect all 4 switches, and the only one that does all that is from AA to DD, though still not a great design and not one that I would do.
Alright so this one bugged me all night and I went and researched “full mesh HA” with FortiGates and… lo and behold, I think very much the answer they are looking for was CC and BB. If you look at http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-high-availability-52/HA_full_meshExample.htm it shows almost this same configuration.
I was thinking AA and DD because it was the only way you could potentially have all four switches behind a FGT, but the more I thought about that, the more I realized I was letting the supposed “right” answer skew my thinking that my instinct was wrong. So Rolf, I stand corrected.
I think B should be correct; between BB and CC seems to be the only logical place to put the FortiGate cluster.