
nse4_fgt-72 Exam - Question 16


A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.

All traffic must be routed through the primary tunnel when both tunnels are up. The secondary tunnel must be used only if the primary tunnel goes down. In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover.

Which two key configuration changes must the administrator make on FortiGate to meet the requirements? (Choose two.)

Correct Answer: ABD

To ensure that traffic is routed through the primary tunnel when both tunnels are up and to have the secondary tunnel used only if the primary tunnel goes down, the static routes must be configured with a lower distance for the primary tunnel and a higher distance for the secondary tunnel. This ensures that the primary tunnel is preferred. Additionally, enabling Dead Peer Detection (DPD) is necessary for detecting a dead tunnel to speed up the failover process by monitoring the status of the tunnel connections.

Discussion

17 comments
raydel92 Options: BD
Sep 8, 2023

B. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
D. Enable Dead Peer Detection.
Reference and download study guide: https://ebin.pub/fortinet-fortigate-infrastructure-study-guide-for-fortios-72.html

geroboamo Options: BD
May 16, 2023

B - a lower distance will be preferred for route selection
D - Dead peer detection will detect tunnel failure

tscholz Options: BD
Jan 13, 2023

Lower distance = higher priority. Dead peer detection does heartbeat testing of VPN tunnels.

Nambialagar Options: BD
Aug 6, 2023

Answer: BD. Study Guide: Infra: Page 276

Slash_JM Options: BD
Aug 29, 2023

FortiGate Infrastructure 7.2 Study Guide p.276

chiheb Options: BD
Jan 8, 2023

BD are correct

kosta_georgiev Options: BD
Jan 18, 2023

Correct answers are B and D. Lower distance means higher priority. DPD is used to check the status of the tunnel by sending hello packets between peers.

Tumza2023
Feb 9, 2023

I just wrote the NSE4 7.2 exam and I failed it. It shows that I got no answer correct on routing. I looked at these questions and answers compared with the official Fortinet exam and I can see that I got the answers correct. How do I query this with Fortinet or Pearson VUE in order for my exam to be reviewed? My email: [email protected]

ChinkSantana
Feb 15, 2023

Hello Sir. What practice material did you use?

IckoPCNSE
Mar 3, 2023

Did you use the answers given by default here (initially) or did you use the answers given by the people from the comment section, which (some of them) are completely different?

reaz
Mar 8, 2023

What answer should be taken into consideration?

018ea9e
Sep 25, 2023

Should I pay attention to the comments? Which is the answer: the comment or the default one?

GeniusA
Dec 19, 2023

Should people use the "Default answers" or the "Most wanted" comment section?

Equiano Options: BD
Mar 23, 2023

BD correct

PaulGo Options: BD
Apr 10, 2023

Correct B and D

Vingador3000 Options: BD
Apr 14, 2023

B,e is super correct.

PimplePooper Options: BD
Apr 24, 2023

BD is the correct answer.

AgentSmith Options: BD
Jun 25, 2023

BD is the correct answer.

mcclane654 Options: BD
Jun 26, 2023

BD, as explained in the IPsec videos in the official NSE4 training guide from Fortinet

rian00z_ Options: BD
Aug 17, 2023

Answer: BD

Ygrec Options: BD
Oct 22, 2023

BD. The lower distance is the better.

MedialineIsTheBest Options: BD
Jan 9, 2024

B and D for sure