NSE4 Question #310: Real Exam Question with Answer & Explanation

The correct answer is B: The interface is a member of a virtual wire pair.. An interface on a FortiGate cannot be configured with an IP address if it is part of a virtual wire pair, if the FortiGate is in transparent mode, or if it is a member of a logical switch.

Submitted by amina.ke· Apr 18, 2026FortiGate Deployment and System Configuration

Question

An administrator observes that the port1 interface cannot be configured with an IP address. What can be the reasons for that? (Choose three.)

Options

AThe interface has been configured for one-arm sniffer.
BThe interface is a member of a virtual wire pair.
CThe operation mode is transparent.
DThe interface is a member of a zone.
ECaptive portal is enabled in the interface.

Explanation

An interface on a FortiGate cannot be configured with an IP address if it is part of a virtual wire pair, if the FortiGate is in transparent mode, or if it is a member of a logical switch.

Common mistakes.

A. An interface configured for one-arm sniffer mode requires an IP address for management and for the sniffer to function and collect traffic.
E. Enabling a captive portal on an interface requires that interface to have an IP address to redirect user traffic and present the portal page.

Concept tested. FortiGate interface IP address configuration restrictions

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/469905/interface-types

Topics

#FortiGate interfaces#Interface configuration#Virtual Wire#Transparent Mode

Community Discussion

No community discussion yet for this question.

Full NSE4 Practice Browse All NSE4 Questions