NSE 4 – FortiGate 6.0 — Question 47

An administrator has configured a route-based IPsec VPN between two FortiGate devices. Which statement about this IPsec VPN configuration is true?

Answer options

• A. A phase 2 configuration is not required.
• B. This VPN cannot be used as part of a hub-and-spoke topology.
• C. A virtual IPsec interface is automatically created after the phase 1 configuration is completed.
• D. The IPsec firewall policies must be placed at the top of the list.

Correct answer: C

Explanation

The correct answer is C because in a route-based IPsec VPN, a virtual IPsec interface is indeed created automatically after completing the phase 1 configuration. Option A is incorrect as a phase 2 configuration is typically needed for traffic to flow. Option B is false because route-based VPNs can support hub-and-spoke topologies. Option D is also incorrect; while policy order can matter, there is no strict requirement for IPsec firewall policies to be placed at the top of the list.