FCP – FortiGate Administrator 7.6 — Question 66

Which two settings are required for SSL VPN to function between two FortiGate devices? (Choose two.)

Answer options

• A. The server FortiGate requires a CA certificate to verify the client FortiGate certificate.
• B. The client FortiGate requires a manually added route to remote subnets.
• C. The client FortiGate requires a client certificate signed by the CA on the server FortiGate.
• D. The client FortiGate requires the SSL VPN tunnel interface type to connect SSL VPN.

Correct answer: A, D

Explanation

The correct answers are A and D because the server FortiGate indeed needs a CA certificate to authenticate the client FortiGate's certificate, and the client FortiGate must have the SSL VPN tunnel interface type configured to connect to the SSL VPN. Option B is incorrect as the route is not a mandatory requirement for the SSL VPN to function, and option C is not required since the SSL VPN can operate with just the proper tunnel interface and CA certificate validation.