
NSE4 Question #44: Real Exam Question with Answer & Explanation

The correct answer is A: The remote gateway address on 10.200.3.1. The IPsec phase 1 configuration specifies the remote peer's public IP address as 10.200.3.1 and defines the local gateway IP as the address assigned to the FortiGate's port1 interface.

Submitted by femi9 · Apr 18, 2026 · VPN and Routing

Question

Review the IPsec phase 1 configuration in the exhibit; then answer the question below. Which statements are correct regarding this configuration? (Choose two.)

Options

  • A. The remote gateway address on 10.200.3.1.
  • B. The local IPsec interface address is 10.200.3.1.
  • C. The local gateway IP is the address assigned to port1.
  • D. The local gateway IP address is 10.200.3.1.

Explanation

The IPsec phase 1 configuration specifies the remote peer's public IP address as 10.200.3.1 and defines the local gateway IP as the address assigned to the FortiGate's port1 interface.

Common mistakes.

  • B. The 'local IPsec interface address' refers to the IP on the FortiGate's interface used for the tunnel, but assuming 10.200.3.1 is the remote gateway (A is correct), it cannot simultaneously be the local interface address in a standard setup.
  • D. If the remote gateway IP address is 10.200.3.1 (as per choice A), then the local gateway IP address cannot also be 10.200.3.1 in a typical site-to-site IPsec VPN configuration without complex and unusual NAT scenarios.

Concept tested. IPsec Phase 1 gateway identification

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/cli-reference/169096/config-vpn-ipsec-phase1-interface

Topics

#IPsec VPN · #Phase 1 · #Gateway Configuration · #FortiGate
