FCP_FGT_AD-7.4 · Question #73
FCP_FGT_AD-7.4 Question #73: Real Exam Question with Answer & Explanation
The correct answer is B. In the VIP configuration, enable arp-reply.. In this scenario, the FortiGate device is using a Virtual IP (VIP) to map the public IP address (203.0.113.2) to the internal IP address of the web server (172.16.1.10). The fact that the administrator does not see any sniffer output for incoming traffic suggests that the FortiGa
Question
Exhibit
Options
- AConfigure a loopback interface with address 203.0.113.2/32.
- BIn the VIP configuration, enable arp-reply.
- CIn the firewall policy configuration, enable match-vip.
- DEnable port forwarding on the server to map the external service port to the internal service port.
Explanation
In this scenario, the FortiGate device is using a Virtual IP (VIP) to map the public IP address (203.0.113.2) to the internal IP address of the web server (172.16.1.10). The fact that the administrator does not see any sniffer output for incoming traffic suggests that the FortiGate is not responding to ARP requests for the public IP address (203.0.113.2). Enabling arp-reply in the VIP configuration allows the FortiGate to respond to ARP requests for the public IP, thereby allowing traffic to reach the FortiGate, which will then forward it to the web server based on the VIP
Community Discussion
No community discussion yet for this question.