Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet Exam NSE8_812 Topic 2 Question 40 Discussion

Actual exam question for Fortinet's NSE8_812 exam
Question #: 40
Topic #: 2
[All NSE8_812 Questions]

Refer to the exhibit.

To facilitate a large-scale deployment of SD-WAN/ADVPN with FortiGate devices, you are tasked with configuring the FortiGate devices to support injecting of IKE routes on the ADVPN shortcut tunnels.

Which three commands must be added or changed to the FortiGate spoke config vpn ipsec phasei-interface options referenced in the exhibit for the VPN interface to enable this capability? (Choose three.)

Show Suggested Answer Hide Answer
Suggested Answer: B, D, E

Bmust be set to enable mode-cfg, which is required for injecting IKE routes on the ADVPN shortcut tunnels.

Dmust be set to enable add-route, which is the command that actually injects the IKE routes.

Emust be set to enable mode-cfg-allow-client-selector, which allows custom phase 2 selectors to be configured.

The other options are incorrect. Option A is incorrect because net-device disable is not required for injecting IKE routes on the ADVPN shortcut tunnels. Option C is incorrect because IKE version 1 is not supported for ADVPN.

References:

Phase 2 selectors and ADVPN shortcut tunnels | FortiGate / FortiOS 7.2.0

Configuring SD-WAN/ADVPN with FortiGate | FortiGate / FortiOS 7.2.0


by Leana at Jan 12, 2025, 04:14 PM

Limited Time Offer

25%

Off

Get Premium NSE8_812 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Bettyann
1 months ago
D, E, and A. Easy peasy, just like configuring a router in the 90s. *chuckles* Those were the good old days when VPNs didn't make me want to pull my hair out.
upvoted 0 times
Mohammad
9 days ago
Yeah, configuring routers back in the 90s was a breeze compared to now.
upvoted 0 times
...
Gearldine
23 days ago
I remember those days, setting up VPNs was much simpler back then.
upvoted 0 times
...
...
Filiberto
1 months ago
Why do I always get the VPN and ADVPN questions on these exams? I'm more of a firewall guy, but let me give it a shot - D, E, and A look good to me.
upvoted 0 times
Jade
21 days ago
User2: Thanks for the info. I'll keep that in mind for future reference.
upvoted 0 times
...
Nilsa
24 days ago
User1: D, E, and A are the correct commands to enable injecting of IKE routes on the ADVPN shortcut tunnels.
upvoted 0 times
...
...
Filiberto
2 months ago
I think B and C are unnecessary for this task. The important ones are D, E, and A to get the VPN interface ready for the IKE route injection.
upvoted 0 times
...
Harrison
2 months ago
I believe we also need to add A) set net-device disable and E) set mode-cfg-allow-client-selector enable for complete configuration.
upvoted 0 times
...
Jade
2 months ago
D, E, and A seem like the correct options to enable IKE route injection on the ADVPN shortcut tunnels. The set add-route enable command is crucial for this functionality.
upvoted 0 times
Tresa
1 months ago
Yes, the set add-route enable command is crucial for this functionality.
upvoted 0 times
...
Raul
1 months ago
I think D, E, and A are the correct options for enabling IKE route injection on the ADVPN shortcut tunnels.
upvoted 0 times
...
...
Alisha
2 months ago
I agree with Kimi, enabling route injection is crucial for SD-WAN/ADVPN deployment.
upvoted 0 times
...
Kimi
2 months ago
I think the answer is D) set add-route enable.
upvoted 0 times
...

Save Cancel