nse5_fmg-72 Exam - Question 24

Question

Refer to the exhibit. If both FortiManager and FortiGate are behind the NAT devices, what are the two expected results? (Choose two. ).

Examice · Accepted Answer

When both FortiManager and FortiGate are behind NAT devices, the expected outcomes are: During discovery, the FortiManager NATed IP address is not set by default on FortiGate. This means that FortiGate won’t automatically know the FortiManager's NATed IP and it needs to be configured manually. Additionally, FortiGate is discovered by FortiManager through the FortiGate NATed IP address. This allows FortiManager to identify and manage FortiGate even when both are behind NAT devices.

GeniusA · Answer

AC is the correct answer

talix · Answer

A and C...
page 279

DatBroNZ · Answer

Tricky one. It seems three answers are valid:

A. Correct. It can be configured on the FortiGate, but it is not by default.
B. Wrong. FortiManager does not attempt to reestablish the FGFM tunnel to the FortiGate NATed IP address.
C. Correct.
D. Correct.

jfff · Answer

AC is the correct answer ortiManager does not attempt to reestablish the FGFM tunnel to the FortiGate

GoodServant · Answer

Look at the study guide on page 277 and 279, it clearly states that when the FMG is behind a NATed IP, then it is ONLY the FMG that can discover a new device, and also is the only one that can re-establish the FGFM tunnel after it is torn down. Literally stated on the first paragraph of page 277. Page 279 where both are NATed, affirms that the scenario plays out exactly the same as when only the FMG was NATed. 
What I don't like about the question, is that A is also true, but only by deductive reasoning. So B and C are the better choices as they are clearly stated in the study guide as such.

Redrum702 · Answer

AC:

B is wrong: FortiManager doesn't automatically attempt to reestablish the FGFM tunnel if it is torn down.

nse5_fmg-72 Exam - Question 24

Discussion