Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Fortinet Exam FCP_FGT_AD-7.4 Topic 5 Question 10 Discussion

Actual exam question for Fortinet's FCP_FGT_AD-7.4 exam
Question #: 10
Topic #: 5
[All FCP_FGT_AD-7.4 Questions]

Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.

Based on the phase 2 configuration shown in the exhibit, which two configuration changes will bring phase 2 up? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: C, D

Contribute your Thoughts:

Shawnda
27 days ago
Is this a trick question? It can't be that hard to get an IPsec tunnel up and running, can it?
upvoted 0 times
Erinn
8 days ago
A: Agreed, those two changes should bring phase 2 up.
upvoted 0 times
...
Socorro
10 days ago
B: Yeah, and we also need to enable Diffie-Hellman Group 2 on HQ-FortiGate.
upvoted 0 times
...
Dottie
11 days ago
A: I think we need to set Seconds to 43200 on Remote-FortiGate.
upvoted 0 times
...
...
Kina
1 months ago
AES256 encryption? Really? Isn't that a bit overkill for an IPsec tunnel?
upvoted 0 times
Rashad
10 days ago
Setting Seconds to 43200 on Remote-FortiGate could also be a necessary configuration change.
upvoted 0 times
...
Bobbie
10 days ago
True, security is always a top priority when setting up IPsec tunnels.
upvoted 0 times
...
Colette
13 days ago
Enabling Diffie-Hellman Group 2 on HQ-FortiGate might also help bring up phase 2.
upvoted 0 times
...
Brande
17 days ago
It might be overkill, but it could be necessary for security reasons.
upvoted 0 times
...
...
Mila
1 months ago
Wait, why would you set the Remote Address on the Remote-FortiGate? That's just silly.
upvoted 0 times
Murray
23 days ago
User 2: Yeah, it seems like a configuration error. It should be set on the HQ-FortiGate instead.
upvoted 0 times
...
Dusti
23 days ago
User 2: Yeah, it seems like the Remote Address should be set on the HQ-FortiGate instead.
upvoted 0 times
...
Kattie
1 months ago
User 1: Maybe setting the Remote Address on the Remote-FortiGate was a mistake.
upvoted 0 times
...
Mollie
1 months ago
User 1: Maybe setting the Remote Address on the Remote-FortiGate was a mistake.
upvoted 0 times
...
...
Romana
2 months ago
Seconds should be 28800, not 43200. That's a classic rookie mistake.
upvoted 0 times
...
Sophia
2 months ago
I'm not sure, but I think the answer could also be D.
upvoted 0 times
...
Chaya
2 months ago
I agree with Mitsue, enabling Diffie-Hellman Group 2 should bring phase 2 up.
upvoted 0 times
...
Gilbert
2 months ago
The Diffie-Hellman Group 2 setting on the HQ-FortiGate device seems off. That's probably the culprit.
upvoted 0 times
Charlie
18 days ago
Setting Remote Address to 10.0.1.0/255.255.255.0 on Remote-FortiGate is necessary for phase 2 to come up.
upvoted 0 times
...
Ardella
22 days ago
D: So, enabling Diffie-Hellman Group 2 on HQ-FortiGate and setting Seconds to 43200 on Remote-FortiGate should do the trick.
upvoted 0 times
...
Nikita
23 days ago
Make sure to set Seconds to 43200 on Remote-FortiGate as well.
upvoted 0 times
...
German
24 days ago
Setting Encryption to AES256 on HQ-FortiGate might also help in bringing up phase 2.
upvoted 0 times
...
Salena
27 days ago
C: I believe setting Seconds to 43200 on the Remote-FortiGate is also necessary for phase 2 to come up.
upvoted 0 times
...
Zena
29 days ago
B: Yeah, that sounds like a good idea. What about the Seconds setting on the Remote-FortiGate?
upvoted 0 times
...
Rima
1 months ago
I agree, enabling Diffie-Hellman Group 2 on HQ-FortiGate should fix the issue.
upvoted 0 times
...
Lavelle
1 months ago
A: I think you're right, enabling Diffie-Hellman Group 2 on the HQ-FortiGate should fix the issue.
upvoted 0 times
...
...
Mitsue
2 months ago
I think the answer is B.
upvoted 0 times
...

Save Cancel