NSE8_812 Question #33: Real Exam Question with Answer & Explanation

The exhibits show a diagram of a requested topology and the base IPsec configuration. A customer asks you to configure ADVPN via two internet underlays. The requirement is that you use one interface with a single IP address on DC FortiGate. In this scenario, which feature should be implemented to achieve this requirement? Refer to the exhibits: Topology: [Image of HUB, port1, port2, Spoke-B, Spoke-A with advpn1, advpn2 connections showing ADVPN topology.] Configuration:

DC:
config vpn ipsec phase1-interface
 edit "advpn1"
 set type dynamic
 set interface "port1"
 set ike-version 2
 set peertype any
 set net-device disable
 set add-route disable
 set dpd on-idle
 set suite-b suite-b-gcm-128
 set auto-discovery-sender enable
 set paksecret fortinet
 next
 edit "advpn2"
 set type dynamic
 set interface "port1"
 set ike-version 2
 set peertype any
 set net-device disable
 set add-route disable
 set dpd on-idle
 set suite-b suite-b-gcm-128
 set auto-discovery-sender enable
 set paksecret fortinet
 next
end
****************************************
Spokes:
config vpn ipsec phase1-interface
 edit "advpn1"
 set type dynamic
 set interface "port1"
 set ike-version 2
 set peertype any
 set net-device enable
 set add-route disable
 set dpd on-idle
 set suite-b suite-b-gcm-128
 set idle-timeout enable
 set idle-timeout-interval 5
 set auto-discovery-receiver enable
 set remote-gw 19.18.101.100
 set paksecret fortinet
 next
 edit "advpn2"
 set type dynamic
 set interface "port2"
 set ike-version 2
 set peertype any
 set net-device enable
 set add-route disable
 set dpd on-idle
 set suite-b suite-b-gcm-128
 set idle-timeout enable
 set idle-timeout-interval 5
 set auto-discovery-receiver enable
 set remote-gw 19.18.101.100
 set paksecret fortinet
 next
end