New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet NSE8_812 Exam - Topic 1 Question 12 Discussion

Actual exam question for Fortinet's NSE8_812 exam
Question #: 12
Topic #: 1
[All NSE8_812 Questions]

Refer to the exhibit.

To facilitate a large-scale deployment of SD-WAN/ADVPN with FortiGate devices, you are tasked with configuring the FortiGate devices to support injecting of IKE routes on the ADVPN shortcut tunnels.

Which three commands must be added or changed to the FortiGate spoke config vpn ipsec phasei-interface options referenced in the exhibit for the VPN interface to enable this capability? (Choose three.)

Show Suggested Answer Hide Answer
Suggested Answer: B, D, E

Bmust be set to enable mode-cfg, which is required for injecting IKE routes on the ADVPN shortcut tunnels.

Dmust be set to enable add-route, which is the command that actually injects the IKE routes.

Emust be set to enable mode-cfg-allow-client-selector, which allows custom phase 2 selectors to be configured.

The other options are incorrect. Option A is incorrect because net-device disable is not required for injecting IKE routes on the ADVPN shortcut tunnels. Option C is incorrect because IKE version 1 is not supported for ADVPN.

References:

Phase 2 selectors and ADVPN shortcut tunnels | FortiGate / FortiOS 7.2.0

Configuring SD-WAN/ADVPN with FortiGate | FortiGate / FortiOS 7.2.0


by Lemuel at Nov 25, 2023, 10:43 PM

Limited Time Offer

25%

Off

Get Premium NSE8_812 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Shalon
3 months ago
Not sure about E, does it really make a difference?
upvoted 0 times
...
Ammie
3 months ago
Totally agree with D, it’s crucial for ADVPN setups.
upvoted 0 times
...
Skye
3 months ago
Wait, why would you disable net-device? Seems risky!
upvoted 0 times
...
Justa
4 months ago
I think B is also a must-have for proper config.
upvoted 0 times
...
Marta
4 months ago
Gotta go with D, it’s essential for route injection.
upvoted 0 times
...
Carlton
4 months ago
I feel like "set ike-version 1" might not be the right choice for this scenario. I think we usually use version 2 for better security.
upvoted 0 times
...
Willow
4 months ago
I practiced a similar question where "set net-device disable" was mentioned, but I'm not sure if it applies here.
upvoted 0 times
...
Tiera
4 months ago
I'm a bit unsure about "set mode-cfg enable." It sounds familiar, but I can't recall if it's essential for ADVPN.
upvoted 0 times
...
Hortencia
5 months ago
I think I remember that "set add-route enable" is definitely one of the commands we need for injecting IKE routes.
upvoted 0 times
...
Tyisha
5 months ago
I'm not entirely sure about this one. I'll need to carefully read through the options and try to match them up with the requirements in the question. Hopefully, I can eliminate a few of the choices and narrow it down.
upvoted 0 times
...
Barney
5 months ago
This seems straightforward enough. I'm pretty confident I can identify the three correct commands to enable the IKE route injection capability on the FortiGate spoke config.
upvoted 0 times
...
Martina
5 months ago
Okay, I think I've got this. The key is to look for the options that specifically mention enabling or configuring the IKE route injection functionality. I'll focus on those and try to eliminate the irrelevant ones.
upvoted 0 times
...
Valene
5 months ago
This looks like a tricky configuration question. I'll need to carefully read through the options and think about which ones are most relevant to enabling IKE route injection on the ADVPN shortcut tunnels.
upvoted 0 times
...
Alba
5 months ago
Hmm, I'm a bit confused by the terminology here. I'll need to review my notes on SD-WAN, ADVPN, and FortiGate VPN configurations to make sure I understand the context before trying to answer this.
upvoted 0 times
...
Shawn
5 months ago
Virtual Private Cloud (VPC) seems like the obvious answer to me. It's Alibaba Cloud's service for creating a secure, isolated network environment that you can customize. The other options like Leased Line and Express Connect don't really fit the requirements.
upvoted 0 times
...
Freeman
5 months ago
I'm not so sure about Zipkin and Skywalking being supported. I might need to double-check that.
upvoted 0 times
...
Terina
2 years ago
Ha! 'set ike-version 1' - someone's still living in the past. I bet most FortiGate deployments these days are using IKEv2. But I guess we should cover our bases and include that option just in case.
upvoted 0 times
...
Glynda
2 years ago
Hmm, I'm not sure about the 'set mode-cfg-allow-client-selector enable' option. Does that have to do with client VPN connections or something? I'll need to double-check the FortiGate documentation on that one.
upvoted 0 times
...
Lajuana
2 years ago
The key here is enabling the ADVPN shortcut tunnels and allowing the IKE routes to be injected. I think the 'set add-route enable' option is definitely required for that.
upvoted 0 times
Tarra
2 years ago
E) set mode-cfg-allow-client-selector enable
upvoted 0 times
...
William
2 years ago
D) set add-route enable
upvoted 0 times
...
Xenia
2 years ago
B) set mode-cfg enable
upvoted 0 times
...
...
Mitzie
2 years ago
This question seems pretty straightforward, but I'm not too familiar with the FortiGate configuration options for ADVPN. I'll need to carefully review the options to make sure I select the right ones.
upvoted 0 times
...

Save Cancel