NSE 4 – FortiGate 5.4 — Question 9
Why must you use aggressive mode when a local FortiGate IPsec gateway hosts multiple dialup tunnels?
Answer options
- A. The FortiGate is able to handle NATed connections only with aggressive mode.
- B. FortiClient supports aggressive mode.
- C. The remote peers are able to provide their peer IDs in the first message with aggressive mode.
- D. Main mode does not support XAuth for user authentication.
Correct answer: C
Explanation
The correct answer is C because aggressive mode lets remote peers send their peer IDs in the first message, so the gateway can identify each peer at the start of the negotiation. Options A and B are incorrect because they do not accurately describe what aggressive mode does. Option D is wrong because main mode does support XAuth; what main mode cannot do is communicate the peer ID as early as aggressive mode does.