Pass4Future also provide interactive practice exam software for preparing Fortinet NSE 6 - SD-WAN 7.6 Enterprise Administrator (NSE6_SDW_AD-7.6) Exam effectively. You are welcome to explore sample free Fortinet NSE6_SDW_AD-7.6 Exam questions below and also try Fortinet NSE6_SDW_AD-7.6 Exam practice test software.
Do you know that you can access more real Fortinet NSE6_SDW_AD-7.6 exam questions via Premium Access? ()
Refer to the exhibits.
The SD-WAN zones and members configuration of two branch devices are shown. The two branch devices are part of the same hub-and-spoke topology and connect to the same hub. The devices are configured to allow Auto-Discovery VPN (ADVPN). The configuration on the hub allows the initial communication between the two spokes.
When traffic flows require it, between which interfaces can the devices establish shortcuts? Choose one answer.)
Answer : D
From the exhibit, both branches have an SD-WAN zone named overlay with set advpn-select enable, and each SD-WAN member in that zone is assigned a transport-group value.
Branch-A members:
T1 transport-group 1
T2 transport-group 1
T3 transport-group 2
Branch-B members:
TA transport-group 1
TB transport-group 2
TC transport-group 3
In FCSS SD-WAN 7.6 ADVPN design, transport-group is used to constrain which underlays are allowed to form ADVPN shortcuts with each other. A spoke can establish an ADVPN shortcut only between interfaces that belong to the same transport-group on both sides. This prevents building shortcuts across dissimilar transports.
Evaluating the options:
Option D (T2 on Branch-A with transport-group 1 and TA on Branch-B with transport-group 1) is a valid shortcut pairing.
Option C is not valid because T3 is transport-group 2 while TC is transport-group 3, so they are not permitted to form a shortcut.
Option A is incorrect because not all overlay-zone interfaces are eligible; eligibility is restricted by transport-group matching.
Option B is incorrect because ADVPN shortcuts are spoke-to-spoke tunnels (facilitated by the hub), not limited to ''interfaces connected to hub only.''
Therefore, the valid shortcut pairing listed is between T2 on Branch-A and TA on Branch-B, which corresponds to Option D.
Refer to the exhibit.
An administrator configures SD-WAN rules for a DIA setup using the FortiGate GUI. The page to configure the source and destination part of the rule looks as shown in the exhibit. The GUI page shows no option to configure an application as the destination of the SD-WAN rule Why?
Answer : D
(You plan a large SD-WAN deployment for a global company. You want to divide the network architecture into five geographical regions and install two hubs in each region for increased redundancy. You expect a significant amount of traffic within each region and limited traffic flow between spokes in different regions. You plan to connect the small branch sites to only the closest hub in their regions and the large branch sites to the two hubs in the regions.
Which statement about your plan is true? Choose one answer.)
Answer : A
The described design is a multi-region SD-WAN architecture, where:
Each region has its own dual-hub ADVPN domain
Most traffic is intra-region
Inter-region traffic is limited and controlled
Spokes can be single-hub or dual-hub, depending on size and redundancy requirements
According to Fortinet's SD-WAN Architecture for Enterprise guidance, when deploying multiple ADVPN regions, eBGP is the recommended routing protocol between regions. Each region operates as an independent routing domain (typically iBGP within the region), while eBGP is used to exchange routes between regional hubs. This approach:
Prevents excessive route reflection and scaling issues
Provides clear administrative boundaries between regions
Improves stability and scalability in large global deployments
Matches the exact traffic pattern described (high intra-region, low inter-region traffic)
This is explicitly documented in Fortinet guidance for ''Using eBGP between regions with intra-region ADVPN'', which confirms that the architecture described in the question is valid and recommended when eBGP is used between regions.
Why the other options are incorrect:
Option B is incorrect because FortiOS does not impose a hard ''four-hub'' architectural limit in the described regional model. Each region has its own hubs, not a single flat multihub domain.
Option C is incomplete. While FortiManager Overlay Orchestrator can help operationally, it is not the key architectural requirement that makes this design valid. The question asks what makes the plan correct from a design standpoint, not a tooling standpoint.
Option D is incorrect because FortiOS fully supports mixed spoke connectivity within the same region (some spokes single-hub, others dual-hub), which is a common enterprise SD-WAN design.
Therefore, the correct and documented conclusion is that the plan is possible and eBGP should be used as the routing protocol between regions, which corresponds to Answer A.
Refer to the exhibit.
The administrator configured the SD-WAN rule ID 4 with two members (port1 and port2) and strategy lowest cost (SLA).
What are the two characteristics of the session shown in the exhibit? (Choose two.)
Answer : A, D
The line sdwan_mbr_seq=1 sdwan_service_id=4 indicates that this session is part of an SD-WAN rule. sdwan_service_id=4 confirms that the session is being handled by SD-WAN rule ID 4. This directly links the flow to the SD-WAN configuration.
The line no_offload_reason: redir-to-ips denied-by-nturbo shows that the session is not offloaded to the NPU (Network Processing Unit) and is being processed by the main CPU. A session that is not offloaded can be re-evaluated. If the outgoing interface (the one currently being used) goes down, the FortiGate will re-evaluate the session against the SD-WAN rules to find a new active member to steer the traffic through. This is a fundamental behavior of SD-WAN, which ensures network resilience.
Refer to the exhibits, which show the configuration of an SD-WAN rule and the corresponding rule status and routing table.
The administrator wants to understand the expected behavior for traffic matching the SD-WAN rule.
Based on the exhibits, what can the administrator expect for traffic matching the SD-WAN rule?
Answer : B
The rule is in SLA mode with two SLAs. From the status, HUB1-VPN2 and HUB1-VPN3 meet the SLA (sla(0x2) and sla(0x3)), while HUB1-VPN1 does not (sla(0x0)). Among members that meet SLA, FortiGate uses the configured order (priority-members 4 5 6) to pick the first eligible one---HUB1-VPN2---so traffic is routed over HUB1-VPN2.
