Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Fortinet Exam FCP_FGT_AD-7.4 Topic 7 Question 5 Discussion

Actual exam question for Fortinet's FCP_FGT_AD-7.4 exam
Question #: 5
Topic #: 7
[All FCP_FGT_AD-7.4 Questions]

Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 failed to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match.

Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes can the administrator make to bring phase 1 up? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: B, D

Contribute your Thoughts:

Alexis
2 months ago
I agree with Amie. Option C is the most logical choice here. Of course, if all else fails, you could always try turning it off and on again. That usually works, right?
upvoted 0 times
...
Amie
2 months ago
Ha! Setting port2 as the interface on the Remote-FortiGate? That's like trying to fit a square peg in a round hole. I'd go with option C and set the Dead Peer Detection to On Demand on both devices.
upvoted 0 times
Micaela
30 days ago
Definitely, let's try that configuration change on both devices.
upvoted 0 times
...
Sheridan
1 months ago
Yeah, Dead Peer Detection on demand seems like the way to go.
upvoted 0 times
...
Viola
1 months ago
I agree, setting port2 as the interface doesn't make sense.
upvoted 0 times
...
Kathrine
2 months ago
Good call. Let's make that change and see if phase 1 comes up.
upvoted 0 times
...
Shantay
2 months ago
Yeah, let's go with option C and see if that fixes the issue.
upvoted 0 times
...
Xochitl
2 months ago
I agree, setting port2 as the interface doesn't seem right.
upvoted 0 times
...
Kip
2 months ago
Option C sounds like a good idea. Dead Peer Detection might help.
upvoted 0 times
...
...
Thersa
2 months ago
I'm not sure about option C though. Dead Peer Detection might not be the issue here.
upvoted 0 times
...
Naomi
3 months ago
Hmm, I'm not sure. Disabling Diffie-Helman group 2 on the HQ-FortiGate seems like it could work, but I'd have to double-check the compatibility between the two devices.
upvoted 0 times
Arleen
2 months ago
It's a good idea to double-check the compatibility between the two devices before making any changes.
upvoted 0 times
...
Troy
2 months ago
Setting port2 as Interface on the Remote-FortiGate might also be worth trying.
upvoted 0 times
...
Mitsue
2 months ago
I think disabling Diffie-Helman group 2 on the HQ-FortiGate could help.
upvoted 0 times
...
...
Jamika
3 months ago
I agree with you, Niesha. Disabling Diffie-Helman group 2 and setting IKE mode to Main could help.
upvoted 0 times
...
Niesha
3 months ago
I think option A and D could be the right choices.
upvoted 0 times
...
Gayla
3 months ago
I think option D is the way to go. Setting the IKE mode to Main (ID protection) on the HQ-FortiGate should help establish the phase 1 connection.
upvoted 0 times
Kris
3 months ago
I agree, setting the IKE mode to Main (ID protection) on the HQ-FortiGate might do the trick.
upvoted 0 times
...
Tijuana
3 months ago
Option D is a good choice. It could help with the phase 1 connection.
upvoted 0 times
...
...

Save Cancel