FCP – FortiGate Administrator 7.6 — Question 86

You are encountering connectivity problems caused by intermediate devices blocking IPsec traffic.

In which two ways can you effectively resolve the problem? (Choose two.)

Answer options

• A. You can use SSL VPN tunnel mode to prevent problems with blocked ESP and UDP ports (500 or 4500).
• B. You can configure a hub-and-spoke topology with SSL VPN tunnels to bypass blocked UDP ports.
• C. You can turn on fragmentation to fix large certificate negotiation problems.
• D. You should use the protocol IKEv2.

Correct answer: A, B

Explanation

Options A and B are correct because they provide alternative methods to route traffic securely without being hindered by blocked IPsec ports. Option C does not address the underlying connectivity issue caused by blocked ports, and Option D, while a good protocol choice, does not directly resolve the problem of connectivity due to intermediate device restrictions.