Exam NSE8_812 topic 1 question 17 discussion

Actual exam question from Fortinet's NSE8_812
Question #: 17
Topic #: 1

Refer to the exhibits.

GUI Access -


Configuration -


Topology -

An administrator has configured a FortiGate and FortiAuthenticator for two-factor authentication with FortiToken push notifications for their SSL VPN login. Upon initial review of the setup, the administrator has discovered that the customers can manually type in their two-factor code and authenticate but push notifications do not work.
Based on the information given in the exhibits, what must be done to fix this?

  • A. On FG-1 port1, the ftm access protocol must be enabled.
  • B. FAC-1 must have an internet routable IP address for push notifications.
  • C. On FG-1 CLI, the ftm-push server setting must point to 100.64.1.41.
  • D. On FAC-1, the FortiToken public IP setting must point to 100.64.1.41.
Suggested Answer: D

Comments

kinge2
4 months, 2 weeks ago
Selected Answer: A
A is correct
upvoted 1 times
...
re_j0hn
1 year ago
A. https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiToken-mobile-push-notification/ta-p/195578
upvoted 1 times
re_j0hn
11 months ago
Change my answer to D. https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-FortiToken-Push-on-FortiAuthenticator-operation/ta-p/190810
upvoted 1 times
...
...
FortigateEXP
1 year ago
Selected Answer: D
This one is tricky because the answers present configurations relevant to FortiTokens with Push notifications when FTKs are registered to the FORTIGATE itself, not the FAC. This relates to answers A and C - so if FTKs were configured on the FGT itself, then A and C would have to be fixed, and then the question would ask for 2 answers, not one. But here FTKs are created/registered on the FORTIAUTHENTICATOR and such a setup works everywhere, even when the perimeter firewall before FAC is NOT FortiGate, but Checkpoint/Juniper/Cisco ASA. So A & C are excluded as not impacting tokens located on the FAC. So D is correct, because this configured IP should always be a PUBLIC one that clients on the Internet can reach from their homes/hotels/etc. This is the IP FAC sends to the FortiClient telling him "Connect to this IP and port". Therefore it should be fixed to the IP on the perimeter (here FGT) firewall.
upvoted 2 times
...
BozoPin
1 year, 3 months ago
Selected Answer: A
FTM allow access must be enabled, so A is correct https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiToken-mobile-push-notification/ta-p/195578
Requirements for FTM push to work properly:
"1) The FTM service must be allowed on the FTM response receiving interface
# config system interface
    edit <name>
        set allowaccess ftm
    next
end"
Nevertheless C is correct, too ;-) I am confused. On the same doc:
"Note:
server-ip : The server IP address is the FortiGate's public IP or public IP address of device which is upstream and forwarding the push notification responses towards FortiGate. (This command is not supported from 6.4.10 onwards).
server : This can be public IP or Domain name (which resolved to FortiGate's Public IP). This option is not available on 6.4.9 and below"
upvoted 2 times
...
pitz
1 year, 3 months ago
Selected Answer: B
100.64.1.41 is private ip and hence token push will not work as all fortitoken send request to public ip only.
upvoted 1 times
...
ama6
1 year, 4 months ago
B is correct
upvoted 2 times
...
Viewable8041
1 year, 4 months ago
Selected Answer: D
https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-FortiToken-Push-on-FortiAuthenticator-operation/ta-p/190810 The 'Public IP/FQDN for FortiToken Mobile' needs to be set to a reachable ip for FortiToken APP access. Assuming there is NAT involved it needs to be changed to FG-1 port1 ip. ISP Router port1 IP is definitely wrong in any case.
upvoted 2 times
...
WBP43
1 year, 4 months ago
https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-FortiToken-Push-on-FortiAuthenticator-operation/ta-p/190810 Correct answer is C
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other