NSE 4 – FortiGate 6.2 — Question 65

An administrator has configured a route-based IPsec VPN between two FortiGate devices.
Which statement about this IPsec VPN configuration is true?

Answer options

• A. A phase 2 configuration is not required.
• B. This VPN cannot be used as part of a hub-and-spoke topology.
• C. A virtual IPsec interface is automatically created after the phase 1 configuration is completed.
• D. The IPsec firewall policies must be placed at the top of the list.

Correct answer: C

Explanation

Option C is correct because, in a route-based IPsec VPN, a virtual interface is indeed created once the phase 1 configuration is finalized, allowing for routing. Options A and B are incorrect as a phase 2 configuration is often necessary, and route-based VPNs can be utilized in hub-and-spoke designs. Option D is misleading since while proper ordering of policies is important, it is not a requirement that they be at the very top of the list.