FCP – FortiGate Administrator 7.6 — Question 7
You are analyzing connectivity problems caused by intermediate devices blocking traffic in an SSL VPN environment.
In which two ways can you effectively resolve the problem? (Choose two.)
Answer options
- A. You can turn off IKE fragmentation to fix large certificate negotiation problems.
- B. You should use IPsec to solve issues with fragment drops and large certificate exchanges.
- C. You can use SSL VPN tunnel mode to prevent problems with blocked ESP and UDP ports (500 or 4500).
- D. You can configure a hub-and-spoke topology with SSL VPN tunnels to bypass blocked UDP ports.
Correct answer: C, D
Explanation
The correct answers, C and D, involve strategies that directly address the issues caused by blocked ports in an SSL VPN environment. Option C utilizes SSL VPN tunnel mode to navigate around blocked ESP and UDP ports, while option D employs a hub-and-spoke topology to bypass these restrictions. Options A and B, while relevant to VPN configurations, do not specifically resolve the issue of blocked traffic in this context.