Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Fortinet Exam FCP_FGT_AD-7.4 Topic 1 Question 8 Discussion

Actual exam question for Fortinet's FCP_FGT_AD-7.4 exam
Question #: 8
Topic #: 1
[All FCP_FGT_AD-7.4 Questions]

Refer to the exhibit.

The exhibit shows a diagram of a FortiGate device connected to the network, the firewall policy and VIP configuration on the FortiGate device, and the routing table on the ISP router.

When the administrator tries to access the web server public address (203.0.113.2) from the internet, the connection times out. At the same time the administrator runs a sniffer on FortiGate to capture incoming web traffic to the server and does not see any output.

Based on the information shown in the exhibit, what configuration change must the administrator make to fix the connectivity issue?

Show Suggested Answer Hide Answer
Suggested Answer: B

In this scenario, the FortiGate device is using a Virtual IP (VIP) to map the public IP address (203.0.113.2) to the internal IP address of the web server (172.16.1.10). The fact that the administrator does not see any sniffer output for incoming traffic suggests that the FortiGate is not responding to ARP requests for the public IP address (203.0.113.2).

Enabling arp-reply in the VIP configuration allows the FortiGate to respond to ARP requests for the public IP, thereby allowing traffic to reach the FortiGate, which will then forward it to the web server based on the VIP mapping.


Contribute your Thoughts:

Mindy
1 months ago
Enabling arp-reply in the VIP config sounds like the way to go here. Can't hurt to try it.
upvoted 0 times
Denae
8 days ago
Enabling arp-reply sounds like the most straightforward solution to try first.
upvoted 0 times
...
Ty
9 days ago
I'm not sure, maybe configuring a loopback interface with the address could also work.
upvoted 0 times
...
Carissa
10 days ago
Yeah, that could definitely help with the connectivity issue.
upvoted 0 times
...
Anthony
24 days ago
I think enabling arp-reply in the VIP config is a good idea.
upvoted 0 times
...
...
Dominga
1 months ago
Haha, better not choose the loopback interface option, that's just asking for trouble!
upvoted 0 times
...
Dalene
1 months ago
Hmm, looks like something's up with the routing table on the ISP router. Time to dig a little deeper.
upvoted 0 times
Rodolfo
12 days ago
I think the issue might be with the VIP configuration on the FortiGate device.
upvoted 0 times
...
Ashlyn
1 months ago
I think enabling arp-reply in the VIP configuration might fix the issue.
upvoted 0 times
...
Marg
1 months ago
We should check the routing table on the ISP router.
upvoted 0 times
...
...
Mary
2 months ago
Hmm, that makes sense too. Let's discuss more before the exam.
upvoted 0 times
...
Nidia
2 months ago
I disagree, I believe the answer is D) Enable port forwarding on the server to map the external service port to the internal service port.
upvoted 0 times
...
Mary
2 months ago
I think the correct answer is B) In the VIP configuration, enable arp-reply.
upvoted 0 times
...
Gerald
2 months ago
This one's tricky, gotta really pay attention to those details in the exhibit.
upvoted 0 times
Vallie
30 days ago
C) In the firewall policy configuration, enable match-vip.
upvoted 0 times
...
Katie
1 months ago
B) In the VIP configuration, enable arp-reply.
upvoted 0 times
...
Mammie
2 months ago
A) Configure a loopback interface with address 203.0.113.2/32.
upvoted 0 times
...
...

Save Cancel