NSE 4 – FortiGate 6.0 — Question 42

Which of the following statements about policy-based IPsec tunnels are true? (Choose two.)

Answer options

• A. They can be configured in both NAT/Route and transparent operation modes.
• B. They support L2TP-over-IPsec.
• C. They require two firewall policies: one for each directions of traffic flow.
• D. They support GRE-over-IPsec.

Correct answer: A, B

Explanation

Option A is correct because policy-based IPsec tunnels can indeed be set up in both NAT/Route and transparent modes. Option B is also accurate as these tunnels support L2TP-over-IPsec. Options C and D are incorrect because policy-based IPsec tunnels do not require two firewall policies for both traffic directions and do not support GRE-over-IPsec.