Refer to the exhibit. The FortiGate has two default routes. The administrator attempts to ping 8.8.8.8 from the CLI and receives no response. What is the most likely reason?
Why this answer
When a FortiGate has multiple default routes, it uses the route with the lowest administrative distance as the primary route. If the gateway for the primary route (203.0.113.1 on port1) is unreachable, the FortiGate cannot reach 8.8.8.8, even if a secondary default route exists. The ping fails because the device cannot ARP for the gateway or the next hop is down, causing the route to be inactive.
Exam trap
The trap here is that candidates often assume both default routes are active and load-balanced. FortiGate instead uses administrative distance to select a single active route; if the gateway of that route is unreachable, the route becomes invalid and no traffic is forwarded until the next route is considered.
How to eliminate wrong answers
Option A is wrong because a second default route does not 'overwrite' the first; FortiGate supports multiple default routes and selects the best one based on distance or priority, not by overwriting.
Option B is wrong because both routes are not equal-cost (they have different distances, 10 and 20), so load-balancing is not applicable; FortiGate uses the route with the lowest distance.
Option C is wrong because duplicate default routes are allowed in FortiGate; they are valid as long as they have different distances or priorities, providing redundancy.