nerdexam
Fortinet

FCSS_SASE_AD-25 · Question #25

FCSS_SASE_AD-25 Question #25: Real Exam Question with Answer & Explanation

The correct answer is D. The server subnet BGP route was not received on FortiSASE.. The FortiSASE BGP learned routes do not include the 10.160.160.0/24 subnet (server network). Although the FortiGate hub is advertising this route (10.160.160.0/24) to FortiSASE, it is not visible in the FortiSASE BGP route table - indicating a routing issue. Without this route, F

Question

Refer to the exhibits. A FortiSASE administrator has configured FortiSASE as a spoke to a FortiGate hub. The tunnel is up to the FortiGate hub. However, the remote FortiClient is not able to access the web server hosted behind the FortiGate hub. Based on the exhibits, what is the reason for the access failure?

Exhibits

FCSS_SASE_AD-25 question #25 exhibit 1
FCSS_SASE_AD-25 question #25 exhibit 2
FCSS_SASE_AD-25 question #25 exhibit 3
FCSS_SASE_AD-25 question #25 exhibit 4
FCSS_SASE_AD-25 question #25 exhibit 5

Options

  • AA private access policy has denied the traffic because of failed compliance
  • BThe hub is not advertising the required routes.
  • CThe hub firewall policy does not include the FortiClient address range.
  • DThe server subnet BGP route was not received on FortiSASE.

Explanation

The FortiSASE BGP learned routes do not include the 10.160.160.0/24 subnet (server network). Although the FortiGate hub is advertising this route (10.160.160.0/24) to FortiSASE, it is not visible in the FortiSASE BGP route table - indicating a routing issue. Without this route, FortiSASE cannot forward traffic from FortiClient to the server.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full FCSS_SASE_AD-25 Practice