NSE 7 — Enterprise Firewall — Question 76

Which two statements about ADVPN are true? (Choose two.)

Answer options

• A. The hub adds routes based on IKE negotiations.
• B. You must configure phase 2 quick mode selectors to 0.0.0.0 0.0.0.0.
• C. All FortiGate devices must be in the same autonomous system (AS).
• D. You must disable add-route in the hub.

Correct answer: B, D

Explanation

Option B is correct because phase 2 quick mode selectors must indeed be set to 0.0.0.0 0.0.0.0 for proper ADVPN operation. Option D is also correct as the add-route feature must be disabled on the hub to prevent unwanted routing conflicts. Options A and C are incorrect because the hub does not automatically add routes based solely on IKE negotiations and FortiGate devices can operate across different autonomous systems.