NSE 4 – FortiGate 6.2 — Question 19

Which two conditions are required for establishing an IPsec VPN between two FortiGate devices? (Choose two.)

Answer options

• A. If the VPN is configured as policy-based in one peer, it must also be configured as policy-based in the other peer.
• B. If the VPN is configured as DialUp User in one peer, it must be configured as either Static IP Address or Dynamic DNS in the other peer.
• C. If XAuth is enabled as a server in one peer, it must be enabled as a client in the other peer.
• D. If the VPN is configured as route-based, there must be at least one firewall policy with the action set to IPsec.

Correct answer: B, C

Explanation

Option B is correct because a DialUp User configuration requires the other peer to have a matching Static IP Address or Dynamic DNS setup. Option C is correct since XAuth must be enabled in both peers to authenticate users properly. Options A and D are incorrect as they address different configurations that do not apply to the requirements for establishing an IPsec VPN between the devices.