BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet Exam FCP_FGT_AD-7.4 Topic 7 Question 5 Discussion

Actual exam question for Fortinet's FCP_FGT_AD-7.4 exam
Question #: 5
Topic #: 7
[All FCP_FGT_AD-7.4 Questions]

Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 failed to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match.

Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes can the administrator make to bring phase 1 up? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: B, D

by Joni at Sep 12, 2024, 12:47 AM

Limited Time Offer

25%

Off

Get Premium FCP_FGT_AD-7.4 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Alexis
1 months ago
I agree with Amie. Option C is the most logical choice here. Of course, if all else fails, you could always try turning it off and on again. That usually works, right?
upvoted 0 times
...
Amie
1 months ago
Ha! Setting port2 as the interface on the Remote-FortiGate? That's like trying to fit a square peg in a round hole. I'd go with option C and set the Dead Peer Detection to On Demand on both devices.
upvoted 0 times
Sheridan
6 days ago
Yeah, Dead Peer Detection on demand seems like the way to go.
upvoted 0 times
...
Viola
11 days ago
I agree, setting port2 as the interface doesn't make sense.
upvoted 0 times
...
Kathrine
19 days ago
Good call. Let's make that change and see if phase 1 comes up.
upvoted 0 times
...
Shantay
22 days ago
Yeah, let's go with option C and see if that fixes the issue.
upvoted 0 times
...
Xochitl
27 days ago
I agree, setting port2 as the interface doesn't seem right.
upvoted 0 times
...
Kip
29 days ago
Option C sounds like a good idea. Dead Peer Detection might help.
upvoted 0 times
...
...
Thersa
1 months ago
I'm not sure about option C though. Dead Peer Detection might not be the issue here.
upvoted 0 times
...
Naomi
2 months ago
Hmm, I'm not sure. Disabling Diffie-Helman group 2 on the HQ-FortiGate seems like it could work, but I'd have to double-check the compatibility between the two devices.
upvoted 0 times
Arleen
15 days ago
It's a good idea to double-check the compatibility between the two devices before making any changes.
upvoted 0 times
...
Troy
18 days ago
Setting port2 as Interface on the Remote-FortiGate might also be worth trying.
upvoted 0 times
...
Mitsue
25 days ago
I think disabling Diffie-Helman group 2 on the HQ-FortiGate could help.
upvoted 0 times
...
...
Jamika
2 months ago
I agree with you, Niesha. Disabling Diffie-Helman group 2 and setting IKE mode to Main could help.
upvoted 0 times
...
Niesha
2 months ago
I think option A and D could be the right choices.
upvoted 0 times
...
Gayla
2 months ago
I think option D is the way to go. Setting the IKE mode to Main (ID protection) on the HQ-FortiGate should help establish the phase 1 connection.
upvoted 0 times
Kris
2 months ago
I agree, setting the IKE mode to Main (ID protection) on the HQ-FortiGate might do the trick.
upvoted 0 times
...
Tijuana
2 months ago
Option D is a good choice. It could help with the phase 1 connection.
upvoted 0 times
...
...

Save Cancel