Fortinet Exam NSE8_812 Topic 1 Question 12 Discussion

Actual exam question for Fortinet's NSE8_812 exam
Question #: 12
Topic #: 1

Refer to the exhibit.

To facilitate a large-scale deployment of SD-WAN/ADVPN with FortiGate devices, you are tasked with configuring the FortiGate devices to support the injection of IKE routes on the ADVPN shortcut tunnels.

Which three commands must be added or changed to the FortiGate spoke config vpn ipsec phase1-interface options referenced in the exhibit for the VPN interface to enable this capability? (Choose three.)

Suggested Answer: B, D, E

B must be set to enable mode-cfg, which is required for injecting IKE routes on the ADVPN shortcut tunnels.

D must be set to enable add-route, which is the command that actually injects the IKE routes.

E must be set to enable mode-cfg-allow-client-selector, which allows custom phase 2 selectors to be configured.

The other options are incorrect. Option A is incorrect because net-device disable is not required for injecting IKE routes on the ADVPN shortcut tunnels. Option C is incorrect because IKE version 1 is not supported for ADVPN.


Contribute your Thoughts:

Terina
8 months ago
Ha! 'set ike-version 1' - someone's still living in the past. I bet most FortiGate deployments these days are using IKEv2. But I guess we should cover our bases and include that option just in case.
upvoted 0 times
...
Glynda
8 months ago
Hmm, I'm not sure about the 'set mode-cfg-allow-client-selector enable' option. Does that have to do with client VPN connections or something? I'll need to double-check the FortiGate documentation on that one.
upvoted 0 times
...
Lajuana
8 months ago
The key here is enabling the ADVPN shortcut tunnels and allowing the IKE routes to be injected. I think the 'set add-route enable' option is definitely required for that.
upvoted 0 times
Tarra
8 months ago
E) set mode-cfg-allow-client-selector enable
upvoted 0 times
...
William
8 months ago
D) set add-route enable
upvoted 0 times
...
Xenia
8 months ago
B) set mode-cfg enable
upvoted 0 times
...
...
Mitzie
8 months ago
This question seems pretty straightforward, but I'm not too familiar with the FortiGate configuration options for ADVPN. I'll need to carefully review the options to make sure I select the right ones.
upvoted 0 times
...
