NSE 7 — Enterprise Firewall — Question 31

You created a VPN community using VPN Manager on FortiManager. You also added gateways to the VPN community. Now you are trying to create firewall policies to permit traffic over the tunnel; however, the VPN interfaces do not appear as available options.
What step must you take to resolve this issue?

Answer options

• A. Refresh the device status using the Device Manager so that FortiGate populates the IPSec interfaces.
• B. Install the VPN community and gateway configuration on the FortiGate devices so that the VPN interfaces appear on the Policy Objects on FortiManager.
• C. Configure the phase 1 settings in the VPN community that you didn’t initially configure. FortiGate automatically generates the interfaces after you configure the required settings.
• D. Create interface mappings for the IPsec VPN interfaces before you use them in a policy.

Correct answer: B

Explanation

The correct answer is B because installing the VPN community and gateway configuration on the FortiGate devices is essential for the VPN interfaces to show up in FortiManager's Policy Objects. Option A is incorrect because refreshing the device status alone does not ensure the interfaces become available. Option C is also wrong since configuring phase 1 settings alone does not directly create the interfaces without first installing the configuration. Finally, option D is not applicable because the interface mappings need to be established after the interfaces are created, not before.