NSE 7 – LAN Edge 7.0 — Question 44

An administrator is deploying APs that are connecting over an IPsec network. All APs have been configured to connect to FortiGate manually. FortiGate can discover the Aps and authorize them. However, FortiGate is unable to establish CAPWAP tunnels to manage the APs.

Which configuration setting can the administrator perform to resolve the problem?

Answer options

• A. Upgrade the FortiAP firmware image to ensure compatibility with the FortiOS version.
• B. Assign a custom AP profile for the remote APs with the set mpls-connection option enabled.
• C. Decrease the CAPWAP tunnel MTU size for APs to prevent fragmentation.
• D. Enable CAPWAP administrative access on the IPsec interface.

Correct answer: D

Explanation

The correct answer is D because enabling CAPWAP administrative access on the IPsec interface allows FortiGate to establish the CAPWAP tunnels needed to manage the APs. Options A, B, and C may address other concerns but do not directly resolve the issue of establishing the CAPWAP tunnels.