Refer to the exhibit.
Examine the IPsec VPN phase 1 configuration shown in the exhibit.
An administrator wants to use certificate-based authentication for an IPsec VPN user.
Which three configuration changes must you make on FortiGate to perform certificate-based authentication for the IPsec VPN user? (Choose three.)
To perform certificate-based authentication for the IPsec VPN user on FortiGate, the following changes need to be made: Firstly, create a PKI user for the IPsec VPN user, and then configure the IPsec VPN tunnel to accept the PKI user as a peer certificate. This is because the VPN user will authenticate using a certificate rather than a pre-shared key. Next, in the Authentication section of the IPsec VPN tunnel, switch the Method drop-down list to Signature and select the certificate that FortiGate will use for the IPsec VPN. This change aligns with using certificate-based authentication as opposed to pre-shared keys. Lastly, import the Certificate Authority (CA) that signed the user's certificate to the FortiGate device. The CA's certificate is necessary for validating the user's certificate during the VPN establishment process. These steps collectively enable certificate-based authentication for the IPsec VPN user.
Option A is false because creating a PKI user for the IPsec VPN user is not required, as the user certificate can be verified by the CA certificate.
p. 79 study guide
ADE are the correct answers!! For sure you need to create PKI User
Sorry ABD