
Fortinet Exam FCSS_EFW_AD-7.4 Topic 5 Question 5 Discussion

Actual exam question for Fortinet's FCSS_EFW_AD-7.4 exam
Question #: 5
Topic #: 5

Refer to the exhibit, which shows a network diagram showing the addition of site 2 with an overlapping network segment to the existing VPN IPsec connection between the hub and site 1.

Which IPsec phase 2 configuration must an administrator make on the FortiGate hub to enable equal-cost multi-path (ECMP) routing when multiple remote sites connect with overlapping subnets?

Suggested Answer: A

When multiple remote sites connect to the same hub using overlapping subnets, FortiGate needs to determine which route should be used for traffic forwarding. The route-overlap setting in IPsec Phase 2 allows FortiGate to handle this scenario by deciding whether to keep the existing route (use-old) or replace it with a new route (use-new).

In an ECMP (Equal-Cost Multi-Path) routing setup, both routes should be retained and balanced, but FortiGate does not support ECMP directly over overlapping routes in IPsec Phase 2. Instead, an administrator must decide which connection takes precedence using route-overlap settings.


Contribute your Thoughts:

Alease
1 month ago
Is it just me, or does this sound like a job for the 'Route Overlap Avoidance Squad'? Option B all the way!
upvoted 0 times
Tamesha
11 hours ago
Yeah, setting net-device to ecmp should help with the overlapping subnets.
upvoted 0 times
...
Hermila
22 days ago
I think option B is the way to go for ECMP routing.
upvoted 0 times
...
...
Jaleesa
1 month ago
Ah, the age-old dilemma of overlapping subnets. I'm feeling Option C, 'single-source to enable', has a certain charm to it. Why not keep it simple, right?
upvoted 0 times
Sabina
1 day ago
I'm leaning towards Option A, 'set route-overlap to either use-new or use-old'.
upvoted 0 times
...
Sabina
2 days ago
I agree, keeping it simple is usually the best approach.
upvoted 0 times
...
Theron
27 days ago
I think Option C sounds like a good choice.
upvoted 0 times
...
...
Winfred
1 month ago
I'm not sure, but I think the answer might be D) Set route-overlap to allow.
upvoted 0 times
...
Maricela
2 months ago
Hmm, this is a tricky one. I think Option A is the way to go - setting route-overlap to use-new or use-old should do the trick.
upvoted 0 times
Mammie
9 days ago
Yes, that should enable equal-cost multi-path routing for multiple remote sites with overlapping subnets.
upvoted 0 times
...
Luisa
21 days ago
I agree, setting route-overlap to use-new or use-old is the best option.
upvoted 0 times
...
...
Bobbye
2 months ago
I'm going with Option D. The 'allow' setting for route-overlap seems like the appropriate configuration to handle the overlapping subnets.
upvoted 0 times
Maira
11 hours ago
I agree, Option D seems like the most appropriate configuration for handling the overlapping subnets.
upvoted 0 times
...
Madalyn
1 day ago
I think Option D is the way to go. It allows for route-overlap, which should handle the overlapping subnets.
upvoted 0 times
...
Chantell
2 days ago
Yes, Option D is the correct configuration to enable ECMP routing with overlapping subnets.
upvoted 0 times
...
Rose
3 days ago
Setting route-overlap to allow makes sense for handling the overlapping subnets in this scenario.
upvoted 0 times
...
Janae
13 days ago
I agree, Option D is the best choice for enabling ECMP routing with multiple remote sites.
upvoted 0 times
...
Buffy
1 month ago
Option D is the way to go. It allows for route-overlap to handle the overlapping subnets.
upvoted 0 times
...
...
Sommer
2 months ago
Option B seems the most logical choice here. Setting net-device to ecmp should enable ECMP routing for the overlapping subnets.
upvoted 0 times
...
Tracey
2 months ago
I agree with Nadine, because setting route-overlap to either use-new or use-old would enable ECMP routing.
upvoted 0 times
...
Nadine
2 months ago
I think the answer is A) Set route-overlap to either use-new or use-old.
upvoted 0 times
...
