NSE 4 – FortiGate 6.0 — Question 57
An administrator wants to create a policy-based IPsec VPN tunnel betweeb two FortiGate devices. Which configuration steps must be performed on both devices to support this scenario? (Choose three.)
Answer options
- A. Define the phase 1 parameters, without enabling IPsec interface mode
- B. Define the phase 2 parameters.
- C. Set the phase 2 encapsulation method to transport mode
- D. Define at least one firewall policy, with the action set to IPsec.
- E. Define a route to the remote network over the IPsec tunnel.
Correct answer: A, B, D
Explanation
The correct steps are to define the phase 1 parameters (A), set the phase 2 parameters (B), and create a firewall policy for the IPsec tunnel (D). Options C and E are not required at this stage; phase 2 encapsulation can be set to either transport or tunnel mode depending on the scenario, and defining a route is not mandatory to establish the tunnel.