NSE 4 – FortiGate 7.0 — Question 33

Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.)

Answer options

• A. The client FortiGate requires a client certificate signed by the CA on the server FortiGate.
• B. The client FortiGate requires a manually added route to remote subnets.
• C. The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN.
• D. Server FortiGate requires a CA certificate to verify the client FortiGate certificate.

Correct answer: C, D

Explanation

The correct answers are C and D because the client FortiGate indeed uses the SSL VPN tunnel interface type for its connection, and the server FortiGate requires a CA certificate to validate the client certificate. Options A and B are incorrect as the client certificate is not mandatory in this context, and the route to remote subnets is not specifically required for SSL VPN connections.