Exhibit.Refer to the exhibit, which shows a partial touting table What two concisions can you draw from the corresponding FortiGate configuration? (Choose two.)
Answer(s): B,D
Option B is correct because the routing table shows that the tunnel interfaces have a netmask of255.255.255.255, which indicates that net-device is enabled in the phase 1 configuration. This option allows the FortiGate to use the tunnel interface as a next-hop for routing, without adding a route to the phase 2 destination.Option D is correct because the routing table does not show any routes to the phase 2 destination networks, which indicates that add-route is disabled in the phase 1 configuration. This option controls whether the FortiGate adds a static route to the phase 2 destination network using the tunnel interface as the gateway.Option A is incorrect because IPSec tunnel aggregation is a feature that allows multiple phase 2 selectors to share a single phase 1 tunnel, reducing the number of tunnels and improving performance. This feature is not related to the routing table or the phase 1 configuration. Option C is incorrect because OSPF is a dynamic routing protocol that can run over IPSec tunnels, but it requires additional configuration on the FortiGate and the peer device. This option is not related to the routing table or the phase 1 configuration.
=1: Technical Tip: `set net-device' new route-based IPsec logic22: Adding a static route53: IPSec VPN concepts64: Dynamic routing over IPsec VPN7
Which ADVPN configuration must be configured using a script on fortiManager, when using VPN Manager to manage fortiGate VPN tunnels?
Answer(s): A
To enable AD-VPN, you need to edit an SD-WAN overlay template and enable the Auto-Discovery VPN toggle. This will automatically add the required settings to the IPsec template and the BGP template. You cannot enable AD-VPN directly in the IPsec phase 1 settings using VPN Manager.
ADVPN | FortiManager 7.2.0 - Fortinet Documentation
Exhibit.Refer to the exhibit, which provides information on BGP neighbors.Which can you conclude from this command output?
Answer(s): C
The BGP state is "Idle", indicating that BGP is attempting to establish a TCP connection with the peer. This is the first state in the BGP finite state machine, and it means that no TCP connection has been established yet. If the TCP connection fails, the BGP state will reset to either active or idle, depending on the configuration.
You can find more information about BGP states and troubleshooting in the following Fortinet Enterprise Firewall 7.2 documents:Troubleshooting BGPHow BGP works
Exhibit.Refer to the exhibit, which contains the partial ADVPN configuration of a spoke.Which two parameters must you configure on the corresponding single hub? (Choose two.)
Answer(s): A,B
For an ADVPN spoke configuration shown, the corresponding hub must have auto-discovery-sender enabled to send shortcut advertisement messages to the spokes. Also, the hub would need to have auto-discovery-forwarder enabled if it is to forward on those shortcut advertisements to other spokes. This allows the hub to inform all spokes about the best path to reach each other. The ike- version does not need to be reconfigured on the hub if it's already set to version 2 and auto- discovery-receiver is not necessary on the hub because it's the one sending the advertisements, not receiving.
FortiOS Handbook - ADVPN
Post your Comments and Discuss Fortinet NSE7_EFW-7.2 exam with other Community members:
Sobhash Commented on April 03, 2024 I was required by my company to pass this exam. I studied for 2 months and sat for the exam but failed. So I decided to use this study exam pacakge with practice questions. They questions turned out to be very relavant and accurate. The explanations and references are a big help. I passed the exam last week. UNITED KINGDOM
Our website is free, but we have to fight against bots and content theft. We're sorry for the inconvenience caused by these security measures. You can access the rest of the NSE7_EFW-7.2 content, but please register or login to continue.