ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE4_FGT-7.0 All Questions

View all questions & answers for the NSE4_FGT-7.0 exam
Go to Exam

Exam NSE4_FGT-7.0 topic 1 question 13 discussion

Actual exam question from Fortinet's NSE4_FGT-7.0
Question #: 13
Topic #: 1
[All NSE4_FGT-7.0 Questions]

A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
✑ All traffic must be routed through the primary tunnel when both tunnels are up
✑ The secondary tunnel must be used only if the primary tunnel goes down
In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover

Which two key configuration changes are needed in FortiGate to meet the design requirements? (Choose two.)

  • A. Configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
  • B. Enable Dead Peer Detection.
  • C. Enable Auto-negotiate and Auto Keep Alive on the phase 2 configuration of both tunnels.
  • D. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
Show Suggested Answer Hide Answer
Suggested Answer: BD 🗳️
by Ran182 at Sept. 8, 2022, 10:43 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Ran182
Highly Voted 1 year, 4 months ago
Selected Answer: BD
BD for sure
upvoted 6 times
...
raydel92
Most Recent 4 months, 2 weeks ago
Selected Answer: BD
Reference and download study guide: https://ebin.pub/fortinet-fortigate-infrastructure-study-guide-for-fortios-72.html
upvoted 1 times
...
geotown
5 months ago
BD, lower distance & enable DPD
upvoted 1 times
...
HC
11 months, 2 weeks ago
Selected Answer: BD
BD - DPD enabled and lower distance is prefered
upvoted 1 times
...
bccabrera
1 year, 2 months ago
Selected Answer: BD
Study Guide – IPsec VPN – IPsec configuration – Phase 1 Network. When Dead Peer Detection (DPD) is enabled, DPD probes are sent to detect a failed tunnel and bring it down before its IPsec SAs expire. This failure detection mechanism is very useful when you have redundant paths to the same destination, and you want to failover to a backup connection when the primary connection fails to keep the connectivity between the sites up. There are three DPD modes. On demand is the default mode. Study Guide – IPsec VPN – Redundant VPNs. Add one phase 1 configuration for each tunnel. DPD should be enabled on both ends. Add at least one phase 2 definition for each phase 1. Add one static route for each path. Use distance or priority to select primary routes over backup routes (routes for the primary VPN must have a lower distance or lower priority than the backup). Alternatively, use dynamic routing. Configure FW policies for each IPsec interface.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago