Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Fortinet Exam NSE8_812 Topic 2 Question 40 Discussion

Actual exam question for Fortinet's NSE8_812 exam
Question #: 40
Topic #: 2
[All NSE8_812 Questions]

Refer to the exhibit showing an SD-WAN configuration.

According to the exhibit, if an internal user pings 10.1.100.2 and 10.1.100.22 from subnet 172.16.205.0/24, which outgoing interfaces will be used?

Show Suggested Answer Hide Answer
Suggested Answer: B, D, E

Bmust be set to enable mode-cfg, which is required for injecting IKE routes on the ADVPN shortcut tunnels.

Dmust be set to enable add-route, which is the command that actually injects the IKE routes.

Emust be set to enable mode-cfg-allow-client-selector, which allows custom phase 2 selectors to be configured.

The other options are incorrect. Option A is incorrect because net-device disable is not required for injecting IKE routes on the ADVPN shortcut tunnels. Option C is incorrect because IKE version 1 is not supported for ADVPN.

References:

Phase 2 selectors and ADVPN shortcut tunnels | FortiGate / FortiOS 7.2.0

Configuring SD-WAN/ADVPN with FortiGate | FortiGate / FortiOS 7.2.0


by Leana at Jan 12, 2025, 04:14 PM

Limited Time Offer

25%

Off

Get Premium NSE8_812 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Rima
21 days ago
I wonder if the correct answer is 'All of the above' and they're just trying to confuse us. What is this, a Riddler exam?
upvoted 0 times
...
Na
25 days ago
Ah, the joys of networking exams. I feel like I'm playing a game of SD-WAN Tetris here.
upvoted 0 times
...
Rodolfo
27 days ago
I don't know, this exhibit is making my head spin. I'll just close my eyes and randomly pick an answer. Eeny, meeny, miny, moe...
upvoted 0 times
...
Launa
28 days ago
Wait, is this a trick question? Why would it use the same port for both pings? I'm leaning towards option C.
upvoted 0 times
Eric
14 days ago
User 2: Yeah, I agree. It wouldn't make sense to use the same port for both pings.
upvoted 0 times
...
Jenelle
20 days ago
User 1: I think it's a trick question too. Option C seems like the right choice.
upvoted 0 times
...
...
Charlene
1 months ago
Hmm, this seems straightforward. I think I'll go with option A, since the exhibit shows the 172.16.205.0/24 subnet is connected to port16 and port1.
upvoted 0 times
...
Yuette
2 months ago
I'm not sure, but I think the answer might be C) port16 and port15. Can someone explain why it's not the correct answer?
upvoted 0 times
...
Katina
2 months ago
I agree with Francine, because the traffic will go out through port16 to reach 10.1.100.2 and port1 to reach 10.1.100.22.
upvoted 0 times
...
Francine
2 months ago
I think the answer is A) port16 and port1.
upvoted 0 times
...

Save Cancel