
NSE4 Question #97: Real Exam Question with Answer & Explanation

The correct answer is A: Create firewall policies to allow and control traffic between the source and destination IP. This question asks for three essential configuration steps required on both FortiGate devices to establish an IPsec VPN tunnel between them.

Submitted by skyler.x · Apr 18, 2026 · VPN and Routing

Question

An administrator wants to create an IPsec VPN tunnel between two FortiGate devices. Which three configuration steps must be performed on both units to support this scenario? (Choose three.)

Options

  • A. Create firewall policies to allow and control traffic between the source and destination IP.
  • B. Configure the appropriate user groups to allow users access to the tunnel.
  • C. Set the operating mode to IPsec VPN mode.
  • D. Define the phase 2 parameters.
  • E. Define the Phase 1 parameters.

Explanation

This question asks for three essential configuration steps required on both FortiGate devices to establish an IPsec VPN tunnel between them.

Common mistakes.

  • B. Configuring user groups is relevant for client-to-site VPNs or user-based access control, but it's not a mandatory step for establishing a basic site-to-site IPsec tunnel between two FortiGate devices.
  • C. FortiGates operate in various modes, but there isn't a specific 'IPsec VPN mode' for the entire device; IPsec VPNs are a feature configured within the device's existing operating mode.

Concept tested. FortiGate site-to-site IPsec VPN basic configuration

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/52643/example-configuring-a-route-based-vpn

Topics

#IPsec VPN · #Phase 1 · #Phase 2 · #Firewall Policy
