For Option A:In Fortinet BGP (and standard BGP), when a prefix is displayed with an "i" (lowercase i) in the Path column, it represents an internal prefix that originated from the local router, typically configured via the BGP "network" command. In the exhibit, the prefix 10.20.30.0/24 is listed with a Path value of i, indicating it was injected into BGP by the local router using the network statement, not via redistribution from another routing protocol. The same logic applies to i as documented: "Origin code 'i' means the route was injected via the network command." For Option D:The get router info bgp network output is a summary table displaying both local and received BGP routes. It lists all known routes to the BGP process, whether received from peers or originated locally.
The exhibit shows all BGP prefixes known to the local router, matching the official admin guide's description of this command's output.
Explanation for B and C:
The phrase "legacy route advertisement" is not formalized in BGP documentation or Fortinet's admin guide; the output uses standard BGP mechanics.
If a route was redistributed into BGP from another routing protocol, the Path field would display a "?" (question mark) for incomplete (redistributed) origin. Here the /24 route has "i" so it is NOT a redistribution.
References:
FortiOS Administration Guide: BGP Configuration and Route Table Interpretation Official BGP Command Reference: Show BGP Network, Path Codes, Route Origination Indicators

The output of the diagnose sys session list command provides the critical evidence needed to determine the behavior during a failover:
Session Synchronization (synced):
The most important indicator in the exhibit is the synced flag located in the state= line (state=may_dirty synced none app_ntf).
In FortiOS HA (High Availability), the synced flag confirms that this specific session has been successfully synchronized from the primary device to the secondary (backup) device.
Session synchronization (Session Pickup) ensures that if the primary unit fails, the secondary unit already has the session in its table and can resume traffic processing immediately.
TCP State (proto_state=01):
The output shows proto=6 (TCP) and proto_state=01.
In the FortiGate session table, proto_state=01 for TCP indicates that the session is in the ESTABLISHED state (post-three-way handshake).
This invalidates Option B, which claims the TCP session is not fully established.
Failover Outcome:
Because the session is ESTABLISHED and SYNCED, the secondary device will seamlessly take over the session upon primary failure.
The traffic continues to flow through the new primary without requiring the user/client to restart the connection. This is the primary function of HA Session Pickup.
Why other options are incorrect:
A: While the output shows app_ntf (Application Control notification) and may_dirty, the presence of the synced flag overrides this concern regarding failover. If the session type were not supported for failover (e.g., certain proxy sessions in older versions), it would not be marked as synced. Since it is synced, it persists.
B: As noted, proto_state=01 means established, not "not fully established".
D: While the kernel updates routing tables, the purpose of syncing the session is to preserve the state so it does not need to be re-evaluated as a new packet would, preventing traffic drops.
Reference:
FortiGate Security 7.6 Study Guide (High Availability): "If session pickup is enabled, the primary unit synchronizes its session table... to the backup unit. If the primary unit fails, the backup unit... continues to process the sessions with no interruption."

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-How-to-troubleshoot-FSSO-agentless- polling/ta-p/214349 From the snippet we can see that FortiGate (via the fssod daemon) is directly detecting the user logon rather than relying on a separate "collector" or "DC agent." This indicates agentless polling-FortiGate polls the DC's event logs over TCP 445 to discover logons. So: - FSSO is using agentless polling mode to detect logon events - In agentless mode, FortiGate will periodically poll the same IP (the DC) on port 445 to see if the user is still logged on