NSE 4 – FortiGate 6.0 — Question 80
Why must you use aggressive mode when a local FortiGate IPSec gateway hosts multiple dialup tunnels?
Answer options
- A. In aggressive mode, the remote peers are able to provide their peer IDs in the first message.
- B. FortiGate is able to handle NATed connections only in aggressive mode.
- C. FortiClient only supports aggressive mode.
- D. Main mode does not support XAuth for user authentication.
Correct answer: A
Explanation
In aggressive mode, remote peers send their peer IDs in the first message, which the local FortiGate needs in order to tell multiple dialup tunnels apart. The other options are incorrect: NATed connections can be handled in both modes, FortiClient is not limited to aggressive mode, and XAuth is supported in main mode.