Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Fortinet Exam NSE8_812 Topic 2 Question 31 Discussion

Actual exam question for Fortinet's NSE8_812 exam
Question #: 31
Topic #: 2
[All NSE8_812 Questions]

Refer to the exhibit.

To facilitate a large-scale deployment of SD-WAN/ADVPN with FortiGate devices, you are tasked with configuring the FortiGate devices to support injecting of IKE routes on the ADVPN shortcut tunnels.

Which three commands must be added or changed to the FortiGate spoke config vpn ipsec phasei-interface options referenced in the exhibit for the VPN interface to enable this capability? (Choose three.)

Show Suggested Answer Hide Answer
Suggested Answer: B, D, E

Bmust be set to enable mode-cfg, which is required for injecting IKE routes on the ADVPN shortcut tunnels.

Dmust be set to enable add-route, which is the command that actually injects the IKE routes.

Emust be set to enable mode-cfg-allow-client-selector, which allows custom phase 2 selectors to be configured.

The other options are incorrect. Option A is incorrect because net-device disable is not required for injecting IKE routes on the ADVPN shortcut tunnels. Option C is incorrect because IKE version 1 is not supported for ADVPN.

References:

Phase 2 selectors and ADVPN shortcut tunnels | FortiGate / FortiOS 7.2.0

Configuring SD-WAN/ADVPN with FortiGate | FortiGate / FortiOS 7.2.0


Contribute your Thoughts:

Valene
2 months ago
This is easy, just gotta remember the ike-route enable. D and E are the other two for sure.
upvoted 0 times
Gary
1 months ago
Oh, got it. So it's D, E, and C for sure. Thanks!
upvoted 0 times
...
Cassi
1 months ago
No, A is not needed. It's D, E, and C that need to be added or changed.
upvoted 0 times
...
Soledad
2 months ago
I think D and E are correct, but what about A?
upvoted 0 times
...
...
Jani
2 months ago
I agree with Larue, those options make more sense for enabling this capability.
upvoted 0 times
...
Larue
3 months ago
But enabling mode-cfg and client selector seems more relevant for injecting IKE routes.
upvoted 0 times
...
Van
3 months ago
I disagree, I believe it's A, D, and E.
upvoted 0 times
...
Katlyn
3 months ago
Haha, the last one is a classic 'trick question'. Of course, it's D, E, and set ike-route enable!
upvoted 0 times
Erinn
2 months ago
Yeah, the last one is a classic 'trick question'.
upvoted 0 times
...
Florinda
2 months ago
No, it's definitely D, E, and set ike-route enable.
upvoted 0 times
...
Brett
2 months ago
Oh really? I thought it was A, B, and C.
upvoted 0 times
...
Rueben
3 months ago
Actually, it's D, E, and set ike-route enable.
upvoted 0 times
...
...
Larue
3 months ago
I think the answer is B, C, and E.
upvoted 0 times
...
Ronnie
3 months ago
Hmm, I think A, D, and E are the ones we need. Can't forget the ike-route enable option.
upvoted 0 times
Deeann
2 months ago
Yes, A, D, and E are the commands that need to be added or changed. The ike-route enable option is crucial for this configuration.
upvoted 0 times
...
Deeann
3 months ago
I agree, A, D, and E are the correct options. We definitely need the ike-route enable option.
upvoted 0 times
...
...
Becky
3 months ago
D, E, and set ike-route enable. That should do the trick!
upvoted 0 times
Aretha
3 months ago
Oh, got it. Thanks for the clarification!
upvoted 0 times
...
Kina
3 months ago
I think D and E are correct, but the command is actually set add-route enable, not set ike-route enable.
upvoted 0 times
...
...

Save Cancel