Site-to-Site IPSec VPN II

1

ADVPN

1

Which VPN topology does not allow direct communication between spokes?

1

Which VPN topology is the most fault tolerant?

1

FortiGate operation mode: NAT and transparent
L2TP-over—lPsec: Yes
GRE—over—lPsec: No
Routing protocols: No
Number of policies per VPN: One policy controls both traffic directions

1

FortiGate operation mode: Only NAT
L2TP-over—lPsec: Yes
GRE—over—lPsec: Yes
Routing protocols: Yes
Number of policies per VPN: Two policies (usually)—one for each direction

1

Transparent mode supports only policy-based VPNs

1

Generally, try to use policy-based because it offers more ﬂexibility and control.

1

Trafﬁc must be routed to the lPsec virtual network interface.

Usually two firewall policies with the Action set to ACCEPT are required (one per direction).

1

One ﬁrewall policy with the Action set to lPsec is required.

By default, hidden on the GUI. To show.

1

Wizard vpn creates only route-based VPNs

1

SD-WAN feature can also be used for VPN redundancy.

1

❌ Add one phase 1 configuration for each tunnel. Dead peer detection (DPD) must be enabled on both ends.

❌ Add at least one phase 2 definition for each phase 1.

❌ Add one static route for each path. Use distance or priority to select primary routes over backup routes. Alternatively, use dynamic routing.

❌ Conﬁgure firewall policies for each lPsec interface.

1-

2-

3-

4-

1

When configuring policy-based VPN, what option do you need to select for the Action setting?

1

Which of the following statements about route-based VPN is correct?

1

diagnose vpn tunnel list - command to verify if traffic is offloaded.

1

Keeping a real-time debug running on the background of a FortiGate for a long time it is necessary some times.

1

?

1

Which one of the following messages indicates that both ingress and egress ESP packets will be offloaded?

1

If you enable NAT in the firewall policy for VPN, which of the following issues may occur?

NSE4 6.0 NSE4 6.0 Quiz on Site-to-Site IPSec VPN II, created by Marcos Avila on 07/22/2018.

Site-to-Site IPSec VPN II

Site-to-Site IPSec VPN II

ADVPN

Which VPN topology does not allow direct communication between spokes?

Which VPN topology is the most fault tolerant?

FortiGate operation mode: NAT and transparent L2TP-over—lPsec: Yes GRE—over—lPsec: No Routing protocols: No Number of policies per VPN: One policy controls both traffic directions

FortiGate operation mode: Only NAT L2TP-over—lPsec: Yes GRE—over—lPsec: Yes Routing protocols: Yes Number of policies per VPN: Two policies (usually)—one for each direction

Transparent mode supports only policy-based VPNs

Generally, try to use policy-based because it offers more ﬂexibility and control.

Trafﬁc must be routed to the lPsec virtual network interface. Usually two firewall policies with the Action set to ACCEPT are required (one per direction).

One ﬁrewall policy with the Action set to lPsec is required. By default, hidden on the GUI. To show.

Wizard vpn creates only route-based VPNs

SD-WAN feature can also be used for VPN redundancy.

When configuring policy-based VPN, what option do you need to select for the Action setting?

Which of the following statements about route-based VPN is correct?

diagnose vpn tunnel list - command to verify if traffic is offloaded.

Keeping a real-time debug running on the background of a FortiGate for a long time it is necessary some times.

?

Which one of the following messages indicates that both ingress and egress ESP packets will be offloaded?

If you enable NAT in the firewall policy for VPN, which of the following issues may occur?

FortiGate operation mode: NAT and transparent
L2TP-over—lPsec: Yes
GRE—over—lPsec: No
Routing protocols: No
Number of policies per VPN: One policy controls both traffic directions

FortiGate operation mode: Only NAT
L2TP-over—lPsec: Yes
GRE—over—lPsec: Yes
Routing protocols: Yes
Number of policies per VPN: Two policies (usually)—one for each direction

Trafﬁc must be routed to the lPsec virtual network interface.

Usually two firewall policies with the Action set to ACCEPT are required (one per direction).

One ﬁrewall policy with the Action set to lPsec is required.

By default, hidden on the GUI. To show.