Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Fortinet Exam NSE8_812 Topic 1 Question 14 Discussion

Actual exam question for Fortinet's NSE8_812 exam
Question #: 14
Topic #: 1
[All NSE8_812 Questions]

Refer to the exhibit.

To facilitate a large-scale deployment of SD-WAN/ADVPN with FortiGate devices, you are tasked with configuring the FortiGate devices to support injecting of IKE routes on the ADVPN shortcut tunnels.

Which three commands must be added or changed to the FortiGate spoke config vpn ipsec phasei-interface options referenced in the exhibit for the VPN interface to enable this capability? (Choose three.)

Show Suggested Answer Hide Answer
Suggested Answer: B, D, E

Bmust be set to enable mode-cfg, which is required for injecting IKE routes on the ADVPN shortcut tunnels.

Dmust be set to enable add-route, which is the command that actually injects the IKE routes.

Emust be set to enable mode-cfg-allow-client-selector, which allows custom phase 2 selectors to be configured.

The other options are incorrect. Option A is incorrect because net-device disable is not required for injecting IKE routes on the ADVPN shortcut tunnels. Option C is incorrect because IKE version 1 is not supported for ADVPN.

References:

Phase 2 selectors and ADVPN shortcut tunnels | FortiGate / FortiOS 7.2.0

Configuring SD-WAN/ADVPN with FortiGate | FortiGate / FortiOS 7.2.0


by Kenneth at Dec 21, 2023, 08:40 AM

Limited Time Offer

25%

Off

Get Premium NSE8_812 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Jose
24 days ago
Haha, I love how the question is so specific. It's like they're really trying to trick us, but we're too smart for that, right guys?
upvoted 0 times
...
Pansy
25 days ago
Definitely, I'm leaning towards options B, D, and E. Setting mode-cfg to enable, adding-route to enable, and allowing the client selector seems like the way to go.
upvoted 0 times
Clorinda
6 days ago
Great, the FortiGate devices are now ready for the large-scale deployment of SD-WAN/ADVPN.
upvoted 0 times
...
Kristin
7 days ago
The configuration should now support injecting IKE routes on the ADVPN shortcut tunnels.
upvoted 0 times
...
Kanisha
8 days ago
Let's go ahead and make those changes to the FortiGate devices.
upvoted 0 times
...
Laurel
9 days ago
So, we all agree on options B, D, and E for the configuration.
upvoted 0 times
...
Maryrose
10 days ago
Enabling client selector with option E could be beneficial.
upvoted 0 times
...
Kirk
11 days ago
Option D seems like a good choice to enable adding routes.
upvoted 0 times
...
Yvette
12 days ago
I think option B makes sense as well.
upvoted 0 times
...
...
Lashanda
26 days ago
I agree, the question is pretty clear. Based on the options, I think we need to look for commands that enable or configure the mode-cfg and IKE settings.
upvoted 0 times
...
Sang
27 days ago
Hmm, this question seems pretty straightforward. We need to enable the injection of IKE routes on the ADVPN shortcut tunnels, so the key commands are probably related to that functionality.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77