NSE 4 – FortiGate 6.2 — Question 113
Consider a new IPsec deployment with the following criteria:
✑ All satellite offices must connect to the two HQ sites.
✑ The satellite offices do not need to communicate directly with other satellite offices.
✑ Backup VPN is not required.
✑ The design should minimize the number of tunnels being configured.
Which topology should you use to satisfy all of the requirements?
Answer options
- A. Partial mesh
- B. Redundant
- C. Full mesh
- D. Hub-and-spoke
Correct answer: D
Explanation
The Hub-and-spoke topology is the most suitable for this scenario as it allows all satellite offices to connect to the two HQ sites without requiring direct communication between them, thus minimizing the number of tunnels. In contrast, Full mesh and Partial mesh topologies would create unnecessary complexity and more tunnels than needed, while the Redundant option is irrelevant since a backup VPN is not required.