NSE4 Question #438: Real Exam Question with Answer & Explanation

The correct answer is D: Under the firewall policy settings.. The type of IPsec configuration (policy-based or route-based) is determined by how the VPN is integrated into the firewall policy, which directs traffic to the VPN tunnel.

Submitted by akirajp· Apr 18, 2026Firewall Policies and Authentication

Question

Which portion of the configuration does an administrator specify the type of IPsec configuration (either policy-based or route-based)?

Options

AUnder the IPsec VPN global settings.
BUnder the phase 2 settings.
CUnder the phase 1 settings.
DUnder the firewall policy settings.

Explanation

The type of IPsec configuration (policy-based or route-based) is determined by how the VPN is integrated into the firewall policy, which directs traffic to the VPN tunnel.

Common mistakes.

A. Global settings typically apply to general VPN parameters or common settings, not the fundamental type of traffic routing for a specific VPN.
B. Phase 2 settings define the IPsec Security Association (SA) parameters, such as encryption and authentication algorithms, but do not determine the VPN type.
C. Phase 1 settings establish the IKE Security Association (SA) for secure key exchange parameters like encryption, authentication, and lifetime, which is independent of the VPN type.

Concept tested. IPsec VPN policy type configuration

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/867295/policy-based-vs-route-based-ipsec-vpn

Topics

#IPsec VPN#FortiGate Configuration#Policy-based VPN#Route-based VPN

Community Discussion

No community discussion yet for this question.

Full NSE4 Practice Browse All NSE4 Questions