NSE 4 – FortiGate 6.2 — Question 72
Why must you use aggressive mode when a local FortiGate IPsec gateway hosts multiple dialup tunnels?
Answer options
- A. Main mode does not support XAuth for user authentication.
- B. In aggressive mode, the remote peers are able to provide their peer IDs in the first message.
- C. FortiGate is able to handle NATed connections only in aggressive mode.
- D. FortiClient supports only aggressive mode.
Correct answer: B
Explanation
Aggressive mode is necessary because it allows remote peers to send their peer IDs in the first message, which the local gateway needs in order to distinguish between multiple dialup tunnels. Main mode does not provide this capability, and the other options regarding NATed connections and FortiClient limitations do not address the core reason for using aggressive mode in this context.