Site-to-Site IPSec VPN II

ADVPN

Which VPN topology does not allow direct communication between spokes?

Which VPN topology is the most fault tolerant?

FortiGate operation mode: NAT and transparent L2TP-over—lPsec: Yes GRE—over—lPsec: No Routing protocols: No Number of policies per VPN: One policy controls both traffic directions

FortiGate operation mode: Only NAT L2TP-over—lPsec: Yes GRE—over—lPsec: Yes Routing protocols: Yes Number of policies per VPN: Two policies (usually)—one for each direction

Transparent mode supports only policy-based VPNs

Generally, try to use policy-based because it offers more flexibility and control.

Traffic must be routed to the lPsec virtual network interface. Usually two firewall policies with the Action set to ACCEPT are required (one per direction).

One firewall policy with the Action set to lPsec is required. By default, hidden on the GUI. To show.

Wizard vpn creates only route-based VPNs

SD-WAN feature can also be used for VPN redundancy.

[blank_start]1-[blank_end] Add one phase 1 configuration for each tunnel. Dead peer detection (DPD) must be enabled on both ends. [blank_start]2-[blank_end] Add at least one phase 2 definition for each phase 1. [blank_start]3-[blank_end] Add one static route for each path. Use distance or priority to select primary routes over backup routes. Alternatively, use dynamic routing. [blank_start]4-[blank_end] Configure firewall policies for each lPsec interface.

When configuring policy-based VPN, what option do you need to select for the Action setting?

Which of the following statements about route-based VPN is correct?

diagnose vpn tunnel list - command to verify if traffic is offloaded.

Keeping a real-time debug running on the background of a FortiGate for a long time it is necessary some times.

?

Which one of the following messages indicates that both ingress and egress ESP packets will be offloaded?

If you enable NAT in the firewall policy for VPN, which of the following issues may occur?