C. The server FortiGate requires a CA certificate to verify the client FortiGate certificate.
D. The client FortiGate requires the SSL VPN tunnel interface type to connect SSL VPN.
FortiGate Infrastructure 7.2 Study Guide (p.200):
"The FortiGate can be configured as an SSL VPN client, using an SSL-VPN Tunnel interface type"
"The FortiGate devices must have the proper CA certificate installed to verify the certificate chain to the root CA that signed the certificate."
Reference and download study guide:
https://ebin.pub/fortinet-fortigate-infrastructure-study-guide-for-fortios-72.html
The question is not considering SSL VPN for client workstations. It is asking about a FortiGate firewall acting as an SSL VPN client. So the approach is a little bit different from a client computer, and Web mode does not apply in this situation.
CD is correct.
C: Server makes PKI user with CA cert. Server verifies and client authenticates with same CA cert.
D: The client configures an SSLVPN Tunnel interface.
B is incorrect. There are no client certificates used, only CA certs.
C and D
In Security, for tunnel mode - FortiGate as client:
Requires proper CA certificate on SSL VPN Server Fortigate.
Use SSL VPN Tunnel interface type.
To establish an SSL VPN connection between two FortiGate devices, the following two settings are required:
B. The client FortiGate requires a client certificate signed by the CA on the server FortiGate. This ensures mutual authentication between the two devices, where the server verifies the client's certificate during the SSL handshake.
C. The server FortiGate requires a CA certificate to verify the client FortiGate certificate. This is necessary for the server to authenticate the client's certificate.
So, the correct options are B and C.
C and D
In Security, for tunnel mode - FortiGate as client:
Requires proper CA certificate on SSL VPN Server Fortigate.
Use SSL VPN Tunnel interface type.
Security, page 582
This configuration requires proper CA certificate installation as the SSL VPN client FortiGate/user uses PSK and a PKI client certificate to authenticate. The FG devices must have the proper CA certificate installed to verify the certificate chain to the root CA that signed the certificate.
link: https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/508779/fortigate-as-ssl-vpn-client
The SSL VPN server has a custom server certificate defined, and the SSL VPN client user uses PSK and a PKI client certificate to authenticate. The FortiGates must have the proper CA certificate installed to verify the certificate chain to the root CA that signed the certificate.
The client must install on their local machine the authentication software, which is responsible for establishing the HA signature; this is then sent to the FortiGate, which stores the HA certificate. Each time a connection or request is made, the FortiGate compares the two certificates and, if they match, lets the request through.
C: This configuration requires proper CA certificate installation as the SSL VPN client FortiGate/user uses PSK and a PKI client certificate to authenticate. The FortiGate devices must have the proper CA certificate installed to verify the certificate chain to the root CA that signed the certificate.
D: The FortiGate can be configured as an SSL VPN client, using an SSL-VPN Tunnel interface type.
https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/508779/fortigate-as-ssl-vpn-client
The FortiGate can be configured as an SSL VPN client, using an SSL-VPN Tunnel interface type.
The FortiGates must have a proper CA certificate installed to verify the certificate chain to the root CA that signed the certificate.
C. The server FortiGate requires a CA certificate to verify the client FortiGate certificate.
D. The client FortiGate requires the SSL VPN tunnel interface type to connect SSL VPN.
To establish an SSL VPN connection between two FortiGate devices, the following two settings are required:
The server FortiGate requires a CA certificate to verify the client FortiGate certificate: The server FortiGate will use a CA (Certificate Authority) certificate to verify the client FortiGate certificate, ensuring that the client device is trusted and allowed to establish an SSL VPN connection.
The client FortiGate requires the SSL VPN tunnel interface type to connect SSL VPN: The client FortiGate must have an SSL VPN tunnel interface type configured in order to establish an SSL VPN connection. This interface type will be used to connect to the server FortiGate over the SSL VPN.
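The documentation passages quoted in the thread (an SSL-VPN Tunnel interface type on the client, and a CA certificate used to verify the certificate chain) map onto FortiOS CLI objects roughly as sketched below. This is an added example, not configuration from the thread or from Fortinet's documentation; every object name, common name, address, port and PSK shown is a placeholder, and the CA and client certificates are assumed to be imported already.

```fortios
# --- Server FortiGate ---
# PKI peer bound to the CA that signed the client FortiGate's certificate.
# The server uses this CA to verify the certificate chain the client presents.
config user peer
    edit "pki-client-placeholder"
        set ca "CA_Cert_PLACEHOLDER"
        set cn "client.example.test"
    next
end

# --- Client FortiGate ---
# Interface of type "ssl" (the SSL-VPN Tunnel interface type), bound to the
# physical interface that reaches the server.
config system interface
    edit "sslclient_port1"
        set vdom "root"
        set type ssl
        set role lan
        set interface "port1"
    next
end

# Peer the client uses to verify the server's certificate chain.
config user peer
    edit "server-peer-placeholder"
        set ca "CA_Cert_PLACEHOLDER"
        set cn "server.example.test"
    next
end

# SSL VPN client entry: ties the tunnel interface to the server address,
# the user/PSK pair and the certificate offered to the server.
config vpn ssl client
    edit "to-server-placeholder"
        set interface "sslclient_port1"
        set user "client-user-placeholder"
        set psk <psk-placeholder>
        set certificate "client-cert-placeholder"
        set peer "server-peer-placeholder"
        set server "192.0.2.10"
        set port 1443
    next
end
```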