Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet Exam FCP_FGT_AD-7.4 Topic 5 Question 10 Discussion

Actual exam question for Fortinet's FCP_FGT_AD-7.4 exam
Question #: 10
Topic #: 5
[All FCP_FGT_AD-7.4 Questions]

Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.

Based on the phase 2 configuration shown in the exhibit, which two configuration changes will bring phase 2 up? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: C, D

by Stephaine at Feb 10, 2025, 09:16 AM

Limited Time Offer

25%

Off

Get Premium FCP_FGT_AD-7.4 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Shawnda
7 days ago
Is this a trick question? It can't be that hard to get an IPsec tunnel up and running, can it?
upvoted 0 times
...
Kina
13 days ago
AES256 encryption? Really? Isn't that a bit overkill for an IPsec tunnel?
upvoted 0 times
...
Mila
22 days ago
Wait, why would you set the Remote Address on the Remote-FortiGate? That's just silly.
upvoted 0 times
Murray
3 days ago
User 2: Yeah, it seems like a configuration error. It should be set on the HQ-FortiGate instead.
upvoted 0 times
...
Dusti
3 days ago
User 2: Yeah, it seems like the Remote Address should be set on the HQ-FortiGate instead.
upvoted 0 times
...
Kattie
11 days ago
User 1: Maybe setting the Remote Address on the Remote-FortiGate was a mistake.
upvoted 0 times
...
Mollie
14 days ago
User 1: Maybe setting the Remote Address on the Remote-FortiGate was a mistake.
upvoted 0 times
...
...
Romana
30 days ago
Seconds should be 28800, not 43200. That's a classic rookie mistake.
upvoted 0 times
...
Sophia
30 days ago
I'm not sure, but I think the answer could also be D.
upvoted 0 times
...
Chaya
1 months ago
I agree with Mitsue, enabling Diffie-Hellman Group 2 should bring phase 2 up.
upvoted 0 times
...
Gilbert
1 months ago
The Diffie-Hellman Group 2 setting on the HQ-FortiGate device seems off. That's probably the culprit.
upvoted 0 times
Ardella
2 days ago
D: So, enabling Diffie-Hellman Group 2 on HQ-FortiGate and setting Seconds to 43200 on Remote-FortiGate should do the trick.
upvoted 0 times
...
Nikita
2 days ago
Make sure to set Seconds to 43200 on Remote-FortiGate as well.
upvoted 0 times
...
German
3 days ago
Setting Encryption to AES256 on HQ-FortiGate might also help in bringing up phase 2.
upvoted 0 times
...
Salena
6 days ago
C: I believe setting Seconds to 43200 on the Remote-FortiGate is also necessary for phase 2 to come up.
upvoted 0 times
...
Zena
8 days ago
B: Yeah, that sounds like a good idea. What about the Seconds setting on the Remote-FortiGate?
upvoted 0 times
...
Rima
19 days ago
I agree, enabling Diffie-Hellman Group 2 on HQ-FortiGate should fix the issue.
upvoted 0 times
...
Lavelle
20 days ago
A: I think you're right, enabling Diffie-Hellman Group 2 on the HQ-FortiGate should fix the issue.
upvoted 0 times
...
...
Mitsue
1 months ago
I think the answer is B.
upvoted 0 times
...

Save Cancel