NSE 8 – Network Security Expert — Question 1

There is an interface-mode IPsec tunnel configured between FortiGate1 and FortiGate2. You want to run OSPF over the IPsec tunnel. On both FortiGates. the
IPsec tunnel is based on physical interface port1. Port1 has the default MTU setting on both FortiGate units.
Which statement is true about this scenario?

Answer options

• A. A multicast firewall policy must be added on FortiGate1 and FortiGate2 to allow protocol 89.
• B. The MTU must be set manually in the OSPF interface configuration.
• C. The MTU must be set manually on the IPsec interface.
• D. An IP address must be assigned to the IPsec interface on FortiGate1 and FortiGate2.

Correct answer: B

Explanation

The correct answer is B because OSPF requires the MTU to be set explicitly in its interface configuration to avoid issues with packet fragmentation. Options A and D are incorrect as they pertain to multicast policies and IP address assignments, which are not necessary for OSPF operation in this context. Option C is also incorrect because the MTU needs to be set in the OSPF settings, not the IPsec interface.