ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE8_812 All Questions

View all questions & answers for the NSE8_812 exam
Go to Exam

Exam NSE8_812 topic 1 question 58 discussion

Actual exam question from Fortinet's NSE8_812
Question #: 58
Topic #: 1
[All NSE8_812 Questions]

Refer to the exhibits.

Topology -


Configuration -

The exhibits show a diagram of a requested topology and the base IPsec configuration.
A customer asks you to configure ADVPN via two internet underlays. The requirement is that you use one interface with a single IP address on DC FortiGate.
In this scenario, which feature should be implemented to achieve this requirement?

  • A. Use network-overlay id
  • B. Change advpn2 to IKEv1
  • C. Use local-id
  • D. Use peer-id
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by pplee_sh at Aug. 24, 2023, 3:13 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
pplee_sh
Highly Voted 1 year, 4 months ago
Selected Answer: A
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Use-case-of-Network-Ids-with-ADVPN-shortcut/ta-p/241025
upvoted 5 times
...
re_j0hn
Most Recent 10 months, 3 weeks ago
It is not possible to establish two IPSEC tunnels between the same two FGT IPs, unless the Network Overlay ID differs between these two tunnels. Thus, the answer is A.
upvoted 1 times
...
Golux
12 months ago
Selected Answer: A
The network ID is a Fortinet-proprietary attribute that is used to select the correct phase 1 between IPsec peers, so that multiple IKEv2 tunnels can be established between the same local/remote gateway pairs.In static phase 1 configurations, network-id is used with the pair of gateway IPs to negotiate the correct tunnel with a matching network-id. This allows IPsec peers to use the same pair of underlay IPs to establish multiple IPsec tunnels. Without it, only a single tunnel can be established over the same pair of underlay IPs.
upvoted 2 times
...
ama6
1 year, 3 months ago
A is correct
upvoted 1 times
...
WBP43
1 year, 3 months ago
Selected Answer: C
Without Local-id hubs won't be able to connect to hub, they dont know to which VPN connect. Network-id would be used if hubs would have only one ISP, which is not the case.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel