ExamGecko
Search Search Login
Home Home / Fortinet / FCSS_SASE_AD-23
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

How does FortiSASE hide user information when viewing and analyzing logs?
What are two advantages of using zero-trust tags? (Choose two.)
Refer to the exhibits. When remote users connected to FortiSASE require access to internal resources on Branch-2. how will traffic be routed?
Refer to the exhibits. A FortiSASE administrator is trying to configure FortiSASE as a spoke to a FortiGate hub. The tunnel is up to the FortiGale hub. However, the administrator is not able to ping the webserver hosted behind the FortiGate hub. Based on the output, what is the reason for the ping failures?
Refer to the exhibit. The daily report for application usage shows an unusually high number of unknown applications by category. What are two possible explanations for this? (Choose two.)
When viewing the daily summary report generated by FortiSASE. the administrator notices that the report contains very little data. What is a possible explanation for this almost empty report?
A customer wants to upgrade their legacy on-premises proxy to a could-based proxy for a hybrid network. Which FortiSASE features would help the customer to achieve this outcome?
You are designing a new network for Company X and one of the new cybersecurity policy requirements is that all remote user endpoints must always be connected and protected Which FortiSASE component facilitates this always-on security measure?
Refer to the exhibits. WiMO-Pro and Win7-Pro are endpoints from the same remote location. WiMO-Pro can access the internet though FortiSASE, while Wm7-Pro can no longer access the internet Given the exhibits, which reason explains the outage on Wm7-Pro?
An organization needs to resolve internal hostnames using its internal rather than public DNS servers for remotely connected endpoints. Which two components must be configured on FortiSASE to achieve this? (Choose two.)

Question 12 - FCSS_SASE_AD-23 discussion

Report
Export

Refer to the exhibits.

A FortiSASE administrator is trying to configure FortiSASE as a spoke to a FortiGate hub. The tunnel is up to the FortiGale hub. However, the administrator is not able to ping the webserver hosted behind the FortiGate hub.

Based on the output, what is the reason for the ping failures?

A.
The Secure Private Access (SPA) policy needs to allow PING service.
Answers
A.
The Secure Private Access (SPA) policy needs to allow PING service.
B.
Quick mode selectors are restricting the subnet.
Answers
B.
Quick mode selectors are restricting the subnet.
C.
The BGP route is not received.
Answers
C.
The BGP route is not received.
D.
Network address translation (NAT) is not enabled on the spoke-to-hub policy.
Answers
D.
Network address translation (NAT) is not enabled on the spoke-to-hub policy.
Suggested answer: B

Explanation:

The reason for the ping failures is due to the quick mode selectors restricting the subnet. Quick mode selectors define the IP ranges and protocols that are allowed through the VPN tunnel, and if they are not configured correctly, traffic to certain subnets can be blocked.

Quick Mode Selectors:

Quick mode selectors specify the source and destination subnets that are allowed to communicate through the VPN tunnel.

If the selectors do not include the subnet of the webserver (192.168.10.0/24), then the traffic will be restricted, and the ping will fail.

Diagnostic Output:

The diagnostic output shows the VPN configuration details, but it is important to check the quick mode selectors to ensure that the necessary subnets are included.

If the quick mode selectors are too restrictive, they will prevent traffic to and from the specified subnets.

Configuration Check:

Verify the quick mode selectors on both the FortiSASE and FortiGate hub to ensure they match and include the subnet of the webserver.

Adjust the selectors to allow the necessary subnets for successful communication.

FortiOS 7.2 Administration Guide: Provides detailed information on configuring VPN tunnels and quick mode selectors.

FortiSASE 23.2 Documentation: Explains how to set up and manage VPN tunnels, including the configuration of quick mode selectors.

Show Answer
asked 18/09/2024
john wick
34 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms