Fortinet Exam FCP_FGT_AD-7.6 Topic 3 Question 6 Discussion

Actual exam question for Fortinet's FCP_FGT_AD-7.6 exam

Question #: 6
Topic #: 3

[All FCP_FGT_AD-7.6 Questions]

You are analyzing connectivity problems caused by intermediate devices blocking traffic in SSL VPN environment.

In which two ways can you effectively resolve the problem? (Choose two.)

AYou can turn off IKE fragmentation to fix large certificate negotiation problems.

BYou should use IPsec to solve issues with fragment drops and large certificate exchanges.

CYou can use SSL VPN tunnel mode to prevent problems with blocked ESP and UDP ports (500 or 4500).

DYou can configure a hub-and-spoke topology with SSL VPN tunnels to bypass blocked UDP ports.

Show Suggested Answer

Suggested Answer: A, C

Disabling IKE fragmentation helps resolve issues caused by intermediate devices blocking large fragmented packets during certificate negotiation.

Using SSL VPN tunnel mode encapsulates traffic over HTTPS, bypassing blocks on ESP and UDP ports commonly used by IPsec.

by Myong at Jul 08, 2025, 01:46 AM

Limited Time Offer

25%

Off

Contribute your Thoughts:

Submit Cancel

2 days ago

A and C, that's the way to go! Turning off IKE fragmentation and using SSL VPN tunnel mode can definitely help with those pesky connectivity issues.

upvoted 0 times

...

8 days ago

I agree with Goldie, but I also think option C is important because using SSL VPN tunnel mode can prevent blocked ESP and UDP ports.

upvoted 0 times

...

15 days ago

I think option A is a good choice because turning off IKE fragmentation can help with certificate negotiation problems.

upvoted 0 times

...