NSE 4 – FortiGate 6.0 — Question 1

Which of the following conditions are required for establishing an IPSec VPN between two FortiGate devices? (Choose two.)

Answer options

• A. If XAuth is enabled as a server in one peer, it must be enabled as a client in the other peer.
• B. If the VPN is configured as route-based, there must be at least one firewall policy with the action set to IPSec.
• C. If the VPN is configured as DialUp User in one peer, it must be configured as either Static IP Address or Dynamic DNS in the other peer.
• D. If the VPN is configured as a policy-based in one peer, it must also be configured as policy-based in the other peer.

Correct answer: B, C

Explanation

Option B is correct because a route-based VPN requires a corresponding firewall policy to handle IPSec traffic. Option C is also correct as a DialUp User configuration necessitates a compatible setup on the other peer. Options A and D are not required conditions for establishing the VPN connection.