NSE 4 – FortiGate 5.4 — Question 5
An administrator wants to create a policy-based IPsec VPN tunnel between two FortiGate devices.
Which configuration steps must be performed on both units to support this scenario? (Choose three.)
Answer options
- A. Define the phase 2 parameters.
- B. Set the phase 2 encapsulation method to transport mode.
- C. Define at least one firewall policy, with the action set to IPsec.
- D. Define a route to the remote network over the IPsec tunnel.
- E. Define the phase 1 parameters, without enabling IPsec interface mode.
Correct answer: A, C, E
Explanation
The correct answers are A, C, and E. Defining the phase 2 parameters ensures the tunnel is correctly configured, a firewall policy with the action set to IPsec is essential for traffic routing, and defining the phase 1 parameters without enabling IPsec interface mode is necessary for policy-based VPNs. Options B and D are incorrect: B specifies an encapsulation mode that is not relevant to policy-based VPNs, and D concerns routing, which is not directly part of the initial configuration steps required.