From the SD-WAN rule configuration (service edit 1, “Critical-DIA”), the rule uses mode sla and specifies:
This means, for traffic matching SD-WAN rule ID 1, FortiGate prefers member 1 first, then member 2, but only if the selected member meets the SLA requirements.
From the SD-WAN event log, the message explicitly states:
This indicates SD-WAN member 1 is now out of SLA immediately after the log is generated.
From the SD-WAN member status output:
Because member 1 (port1) is out of SLA, FortiGate cannot use it for an SLA-based rule at that moment. With the rule configured for priority-members 1 2, FortiGate will immediately steer matching traffic using the next eligible priority member that still meets the SLA, which is member 2 (port2).
Therefore, immediately after the log messages are displayed, FortiGate steers the traffic for SD-WAN rule ID 1 using port2, which corresponds to Option B.