Exam nse4_fgt-72
Question 11

Which two settings are required for SSL VPN to function between two FortiGate devices? (Choose two.)

    Correct Answer: C, D

    To establish an SSL VPN connection between two FortiGate devices, two critical configurations are required. Firstly, the server FortiGate needs a CA certificate to verify the client FortiGate's certificate, ensuring trusted authentication between the devices. Secondly, the client FortiGate must have an SSL VPN tunnel interface type configured to establish the connection through the VPN tunnel. These configurations are essential for secure communication and proper functionality of the SSL VPN.

Discussion
raydel92 Options: CD

C. The server FortiGate requires a CA certificate to verify the client FortiGate certificate.
D. The client FortiGate requires the SSL VPN tunnel interface type to connect SSL VPN.

FortiGate Infrastructure 7.2 Study Guide (p.200):
"The FortiGate can be configured as an SSL VPN client, using an SSL-VPN Tunnel interface type"
"The FortiGate devices must have the proper CA certificate installed to verify the certificate chain to the root CA that signed the certificate."

Reference and download study guide: https://ebin.pub/fortinet-fortigate-infrastructure-study-guide-for-fortios-72.html

netwkguy99

What if they are using Web Mode SSL VPN?

paulosrsf

The question is not considering SSL VPN for client workstations. It is asking about a FortiGate firewall acting as an SSL VPN client. So the approach is a little bit different from a client computer, and Web mode does not apply in this situation.

leadac Options: CD

https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/508779/fortigate-as-ssl-vpn-client

The FortiGate can be configured as an SSL VPN client, using an SSL-VPN Tunnel interface type. The FortiGates must have a proper CA certificate installed to verify the certificate chain to the root CA that signed the certificate.

GopiChandMurari Options: BC

To establish an SSL VPN connection between two FortiGate devices, the following two settings are required:

B. The client FortiGate requires a client certificate signed by the CA on the server FortiGate. This ensures mutual authentication between the two devices, where the server verifies the client's certificate during the SSL handshake.
C. The server FortiGate requires a CA certificate to verify the client FortiGate certificate. This is necessary for the server to authenticate the client's certificate.

So, the correct options are B and C.

Slash_JM Options: CD

FortiGate Infrastructure 7.2 Study Guide p.200

Danny_B Options: CD

7.2 SEC 200

Danny_B

correction 7.2 INF 200

PaulGo Options: CD

Security page 582: This configuration requires proper CA certificate installation as the SSL VPN client FortiGate/user uses PSK and a PKI client certificate to authenticate. The FG devices must have the proper CA certificate installed to verify the certificate chain to the root CA that signed the certificate.

Link: https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/508779/fortigate-as-ssl-vpn-client

The SSL VPN server has a custom server certificate defined, and the SSL VPN client user uses PSK and a PKI client certificate to authenticate. The FortiGates must have the proper CA certificate installed to verify the certificate chain to the root CA that signed the certificate.

santi1509 Options: BC

The client must install the authentication software on their local machine, which is responsible for establishing the HA signature; this is sent to the FortiGate, which stores the HA certificate. Each time a connection or request is made, the FortiGate compares the two certificates, and if they match, it lets the request through.

IckoPCNSE

So you mean CD are the correct answers, right?

Malamba

Yeah CD are correct

D1360_1304

He always puts the answers wrong

spiku

No matter when you read Santi, unfortunately he's always wrong. Seems done on purpose.

Spago Options: CD

C. The server FortiGate requires a CA certificate to verify the client FortiGate certificate.
D. The client FortiGate requires the SSL VPN tunnel interface type to connect SSL VPN.

To establish an SSL VPN connection between two FortiGate devices, the following two settings are required:

The server FortiGate requires a CA certificate to verify the client FortiGate certificate: The server FortiGate will use a CA (Certificate Authority) certificate to verify the client FortiGate certificate, ensuring that the client device is trusted and allowed to establish an SSL VPN connection.

The client FortiGate requires the SSL VPN tunnel interface type to connect SSL VPN: The client FortiGate must have an SSL VPN tunnel interface type configured in order to establish an SSL VPN connection. This interface type will be used to connect to the server FortiGate over the SSL VPN.

flamengo

Does anyone know if new questions were added in version FGT-7.4?

BIGFATNUTS Options: CD

CD is correct. C: Server makes PKI user with CA cert. Server verifies and client authenticates with same CA cert. D: The client configures an SSLVPN Tunnel interface. B is incorrect. There are no client certificates used, only CA certs.

Mqbx Options: CD

C and D, in Security, for tunnel mode - FortiGate as client: Requires proper CA certificate on SSL VPN Server FortiGate. Use SSL VPN Tunnel interface type.

darkstar15 Options: CD

C and D, in Security, for tunnel mode - FortiGate as client: Requires proper CA certificate on SSL VPN Server FortiGate. Use SSL VPN Tunnel interface type.

umairmasood Options: CD

C and D

BoostBoris Options: CD

C: This configuration requires proper CA certificate installation as the SSL VPN client FortiGate/user uses PSK and a PKI client certificate to authenticate. The FortiGate devices must have the proper CA certificate installed to verify the certificate chain to the root CA that signed the certificate.
D: The FortiGate can be configured as an SSL VPN client, using an SSL-VPN Tunnel interface type.

chiheb Options: CD

C and D are the right answers.