Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Fortinet Exam FCSS_EFW_AD-7.4 Topic 5 Question 5 Discussion

Actual exam question for Fortinet's FCSS_EFW_AD-7.4 exam
Question #: 5
Topic #: 5
[All FCSS_EFW_AD-7.4 Questions]

Refer to the exhibit, which shows a network diagram showing the addition of site 2 with an overlapping network segment to the existing VPN IPsec connection between the hub and site 1.

Which IPsec phase 2 configuration must an administrator make on the FortiGate hub to enable equal-cost multi-path (ECMP) routing when multiple remote sites connect with overlapping subnets?

Show Suggested Answer Hide Answer
Suggested Answer: A

When multiple remote sites connect to the same hub using overlapping subnets, FortiGate needs to determine which route should be used for traffic forwarding. The route-overlap setting in IPsec Phase 2 allows FortiGate to handle this scenario by deciding whether to keep the existing route (use-old) or replace it with a new route (use-new).

In an ECMP (Equal-Cost Multi-Path) routing setup, both routes should be retained and balanced, but FortiGate does not support ECMP directly over overlapping routes in IPsec Phase 2. Instead, an administrator must decide which connection takes precedence using route-overlap settings.


by Ty at Apr 06, 2025, 09:54 AM

Limited Time Offer

25%

Off

Get Premium FCSS_EFW_AD-7.4 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Alease
2 months ago
Is it just me, or does this sound like a job for the 'Route Overlap Avoidance Squad'? Option B all the way!
upvoted 0 times
Fletcher
14 days ago
Definitely, that's the best choice for the Route Overlap Avoidance Squad.
upvoted 0 times
...
Tamesha
15 days ago
Yeah, setting net-device to ecmp should help with the overlapping subnets.
upvoted 0 times
...
Hermila
1 months ago
I think option B is the way to go for ECMP routing.
upvoted 0 times
...
...
Jaleesa
2 months ago
Ah, the age-old dilemma of overlapping subnets. I'm feeling Option C, 'single-source to enable', has a certain charm to it. Why not keep it simple, right?
upvoted 0 times
Chana
7 days ago
That could work too, as long as it resolves the overlapping subnets issue.
upvoted 0 times
...
Sabina
16 days ago
I'm leaning towards Option A, 'set route-overlap to either use-new or use-old'.
upvoted 0 times
...
Sabina
17 days ago
I agree, keeping it simple is usually the best approach.
upvoted 0 times
...
Theron
1 months ago
I think Option C sounds like a good choice.
upvoted 0 times
...
...
Winfred
2 months ago
I'm not sure, but I think the answer might be D) Set route-overlap to allow.
upvoted 0 times
...
Maricela
2 months ago
Hmm, this is a tricky one. I think Option A is the way to go - setting route-overlap to use-new or use-old should do the trick.
upvoted 0 times
Mammie
24 days ago
Yes, that should enable equal-cost multi-path routing for multiple remote sites with overlapping subnets.
upvoted 0 times
...
Luisa
1 months ago
I agree, setting route-overlap to use-new or use-old is the best option.
upvoted 0 times
...
...
Bobbye
2 months ago
I'm going with Option D. The 'allow' setting for route-overlap seems like the appropriate configuration to handle the overlapping subnets.
upvoted 0 times
Jerilyn
13 days ago
Yes, Option D is the correct choice to enable ECMP routing with multiple remote sites connecting with overlapping subnets.
upvoted 0 times
...
Barrie
14 days ago
Setting route-overlap to allow makes sense in this scenario to enable ECMP routing with overlapping subnets.
upvoted 0 times
...
Maira
15 days ago
I agree, Option D seems like the most appropriate configuration for handling the overlapping subnets.
upvoted 0 times
...
Madalyn
16 days ago
I think Option D is the way to go. It allows for route-overlap, which should handle the overlapping subnets.
upvoted 0 times
...
Chantell
17 days ago
Yes, Option D is the correct configuration to enable ECMP routing with overlapping subnets.
upvoted 0 times
...
Rose
18 days ago
Setting route-overlap to allow makes sense for handling the overlapping subnets in this scenario.
upvoted 0 times
...
Janae
28 days ago
I agree, Option D is the best choice for enabling ECMP routing with multiple remote sites.
upvoted 0 times
...
Buffy
2 months ago
Option D is the way to go. It allows for route-overlap to handle the overlapping subnets.
upvoted 0 times
...
...
Sommer
2 months ago
Option B seems the most logical choice here. Setting net-device to ecmp should enable ECMP routing for the overlapping subnets.
upvoted 0 times
...
Tracey
2 months ago
I agree with Nadine, because setting route-overlap to either use-new or use-old would enable ECMP routing.
upvoted 0 times
...
Nadine
2 months ago
I think the answer is A) Set route-overlap to either use-new or use-old.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77