ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam FCP_FGT_AD-7.4 All Questions

View all questions & answers for the FCP_FGT_AD-7.4 exam
Go to Exam

Exam FCP_FGT_AD-7.4 topic 1 question 70 discussion

Actual exam question from Fortinet's FCP_FGT_AD-7.4
Question #: 70
Topic #: 1
[All FCP_FGT_AD-7.4 Questions]

Refer to the exhibit.



The exhibit shows a diagram of a FortiGate device connected to the network, the firewall policy and VIP configuration on the FortiGate device, and the routing table on the ISP router.

When the administrator tries to access the web server public address (203.0.113.2) from the internet, the connection times out. At the same time the administrator runs a sniffer on FortiGate to capture incoming web traffic to the server and does not see any output.

Based on the information shown in the exhibit, what configuration change must the administrator make to fix the connectivity issue?

  • A. Configure a loopback interface with address 203.0.113.2/32.
  • B. In the VIP configuration, enable arp-reply.
  • C. In the firewall policy configuration, enable match-vip.
  • D. Enable port forwarding on the server to map the external service port to the internal service port.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by CharlieS8 at Oct. 25, 2024, 5:07 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
sxcap
2 weeks ago
Selected Answer: B
this happen only when you don't have an IP set in the FortiGate's interface directly, in this example, FortiGate can use the external IP because is connected throught ISP router port (it has no NAT from the ISP), so you need to enable ARP-Reply to let FortiGate answer requests with the WAN interface mac address
upvoted 2 times
...
leipeG
3 weeks ago
Selected Answer: B
The issue here is that the FortiGate device's VIP (Virtual IP) configuration has arp-reply disabled, which means that the FortiGate is not responding to ARP requests for the external IP address (203.0.113.2). As a result, devices trying to reach the public IP cannot resolve the MAC address of the FortiGate, leading to connectivity issues.
upvoted 1 times
...
SeattleJoe
4 weeks, 1 day ago
Selected Answer: B
FGT Admin guide page 65
upvoted 1 times
...
vuhidus
1 month, 2 weeks ago
Selected Answer: B
B. In the VIP configuration, enable arp-reply. Correct answer
upvoted 1 times
...
s4mu3l007
2 months ago
B) In the VIP configuration, enable arp-reply.
upvoted 1 times
...
CharlieS8
2 months, 1 week ago
B correct
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago