QUESTION: 37

Why must you use aggressive mode when a local FortiGate IPSec gateway hosts multiple dialup tunnels?

In aggressive mode, the remote peers are able to provide their peer IDs in the first message.
FortiGate is able to handle NATed connections only in aggressive mode.
FortiClient only supports aggressive mode.
Main mode does not support XAuth for user authentication.

Answer(s): A

Reveal Solution Next Question

QUESTION: 38

Examine this output from a debug flow:

Why did the FortiGate drop the packet?

The next-hop IP address is unreachable.
It failed the RPF check.
It matched an explicitly configured firewall policy with the action DENY.
It matched the default implicit firewall policy.

Answer(s): D

Reveal Solution Next Question

View the exhibit:

The client cannot connect to the HTTP web server. The administrator ran the FortiGate built-in sniffer and got the following output:

What should be done next to troubleshoot the problem?

Run a sniffer in the web server.
Execute another sniffer in the FortiGate, this time with the filter "host 10.0.1.10".
Capture the traffic using an external sniffer connected to port1.
Execute a debug flow.

Answer(s): D

Reveal Solution Next Question

QUESTION: 40

Which of the following statements about policy-based IPsec tunnels are true? (Choose two.)

They can be configured in both NAT/Route and transparent operation modes.
They support L2TP-over-IPsec.
They require two firewall policies: one for each directions of traffic flow.
They support GRE-over-IPsec.

Answer(s): A,B

Reveal Solution Next Question

Free NSE4_FGT-6.0 Exam Braindumps (page: 10)

QUESTION: 37

QUESTION: 38

QUESTION: 39

QUESTION: 40