Refer to the exhibit.
The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are configured in transparent mode.
The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the internet. The To_Internet VDOM is the only VDOM with internet access and is directly connected to ISP modem.
With this configuration, which statement is true?
Inter-VDOM links are required to allow traffic between the Local and Root VDOMs because traffic from one VDOM cannot pass to another VDOM without these links. Additionally, the inter-VDOM links are required to allow traffic between the Local and DMZ VDOMs, which is necessary since at least one VDOM must be in NAT mode to facilitate such communication, avoiding potential Layer 2 loops. The other options are incorrect because a default static route is required on the To_Internet VDOM for LAN users to access the internet, and inter-VDOM links are necessary for the Root VDOM to manage other VDOMs.
B is not true, a defaut static route is needed.
No, FG can get dynamic default route from ISP.
How? with the help of magic?? it should be necessary a routing protocol in case but nothing is specified, any assumption can lead an error. It is reported which statement is true? It is not plural. Only A.
A. Inter-VDOM links are required to allow traffic between the Local and Root VDOMs. B. A default static route is not required on the To_Internet VDOM to allow LAN users to access the internet./ Basic routing. C. Inter-VDOM links are required to allow traffic between the Local and DMZ VDOMs. / At least one of the VDOMs must be operating in NAT mode. This, among other benefits, prevents potential Layer 2 loops. D. Inter-VDOM links are not required between the Root and To_Internet VDOMs because the Root VDOM is used only as a management VDOM./ Similar to FG w/o VDOMs enabled, the admin VDOM should have outgoing Internet access. Otherwise, features such as scheduled FortiGuard updates will fail.
Pretty bad question in my opinion. It should provide more information, does the fortigate get route to the internet through a dynamic route protocol/is dhcp enabled on ISP router? Inter-vdom links are technically required for communication but alone won't cause the traffic to pass. While the management vdom should have internet access, it is TECHNICALLY not required. If it said "It's best practice to.." it would be a different story.
I would say only A because most of the time company will use Static public IP, but think about it, if the ISP provides a dynamic public IP to the Fortigate, will it have a dynamic route?
Is A for sure, and only 1 Answer is required
Correct: A. Inter-VDOM links are required to allow traffic between the Local and Root VDOMs. Incorrect: B. A default static route is not required on the To_Internet VDOM to allow LAN users to access the internet. C. Inter-VDOM links are required to allow traffic between the Local and DMZ VDOMs. (transparent-transparent) D. Inter-VDOM links are not required between the Root and To_Internet VDOMs because the Root VDOM is used only as a management VDOM. FortiGate Infrastructure 7.2 Study Guide: "Each VDOM has independent security policies and routing tables. Also, and by default, traffic from one VDOM cannot go to a different VDOM" (p.71) "...you cannot create an inter-VDOM link between Layer 2 transparent mode VDOMs. At least one of the VDOMs must be operating in NAT mode" (p.101) "Similar to FortiGate without VDOMs enabled, the management VDOM should have outgoing internet access. Otherwise, features such as scheduled FortiGuard updates, fail" (p.73) Reference and download study guide: https://ebin.pub/fortinet-fortigate-infrastructure-study-guide-for-fortios-72.html
only A
You need a static route on the To_Internet VDOM
We can use cables to interconnect VDOMs so Inter-VDOM link is not a requirement, but a feature. Inter-VDOM link does not allow traffic, it creates a path. The security policy can allow the traffic. A static default route is not needed, a route or multiple routes to the internet are needed, static or not.
Root vdom is used only as management Vdom and not required inter links, correct answers are A and C
Selected Answer: AD
The question doesn't ask for multiple correct statements or am i missing anything? bccabrera's & Poeblas statements are correct, why are so many people selecting two answers?
The question does not say choose 2. So why choose 2 answers, correct answer is A