ExamGecko
Search Search Login
Home Home / Fortinet / FCSS_SASE_AD-23
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What are two advantages of using zero-trust tags? (Choose two.)
How does FortiSASE hide user information when viewing and analyzing logs?
Refer to the exhibits. A FortiSASE administrator is trying to configure FortiSASE as a spoke to a FortiGate hub. The tunnel is up to the FortiGale hub. However, the administrator is not able to ping the webserver hosted behind the FortiGate hub. Based on the output, what is the reason for the ping failures?
Refer to the exhibit. The daily report for application usage shows an unusually high number of unknown applications by category. What are two possible explanations for this? (Choose two.)
Refer to the exhibits. When remote users connected to FortiSASE require access to internal resources on Branch-2. how will traffic be routed?
You are designing a new network for Company X and one of the new cybersecurity policy requirements is that all remote user endpoints must always be connected and protected Which FortiSASE component facilitates this always-on security measure?
When viewing the daily summary report generated by FortiSASE. the administrator notices that the report contains very little data. What is a possible explanation for this almost empty report?
A customer wants to upgrade their legacy on-premises proxy to a could-based proxy for a hybrid network. Which FortiSASE features would help the customer to achieve this outcome?
Refer to the exhibits. WiMO-Pro and Win7-Pro are endpoints from the same remote location. WiMO-Pro can access the internet though FortiSASE, while Wm7-Pro can no longer access the internet Given the exhibits, which reason explains the outage on Wm7-Pro?
An organization needs to resolve internal hostnames using its internal rather than public DNS servers for remotely connected endpoints. Which two components must be configured on FortiSASE to achieve this? (Choose two.)

Question 21 - FCSS_SASE_AD-23 discussion

Report
Export

Refer to the exhibits.

A FortiSASE administrator is trying to configure FortiSASE as a spoke to a FortiGate hub. The VPN tunnel does not establish

Based on the provided configuration, what configuration needs to be modified to bring the tunnel up?

A.
NAT needs to be enabled in the Spoke-to-Hub firewall policy.
Answers
A.
NAT needs to be enabled in the Spoke-to-Hub firewall policy.
B.
The BGP router ID needs to match on the hub and FortiSASE.
Answers
B.
The BGP router ID needs to match on the hub and FortiSASE.
C.
FortiSASE spoke devices do not support mode config.
Answers
C.
FortiSASE spoke devices do not support mode config.
D.
The hub needs IKEv2 enabled in the IPsec phase 1 settings.
Answers
D.
The hub needs IKEv2 enabled in the IPsec phase 1 settings.
Suggested answer: C

Explanation:

The VPN tunnel between the FortiSASE spoke and the FortiGate hub is not establishing due to the configuration of mode config, which is not supported by FortiSASE spoke devices. Mode config is used to assign IP addresses to VPN clients dynamically, but this feature is not applicable to FortiSASE spokes.

Mode Config in IPsec:

The configuration snippet shows that mode config is enabled in the IPsec phase 1 settings.

Mode config is typically used for VPN clients to dynamically receive an IP address from the VPN server, but it is not suitable for site-to-site VPN configurations involving FortiSASE spokes.

Configuration Adjustment:

To establish the VPN tunnel, you need to disable mode config in the IPsec phase 1 settings.

This adjustment will allow the FortiSASE spoke to properly establish the VPN tunnel with the FortiGate hub.

Steps to Disable Mode Config:

Access the VPN configuration on the FortiSASE spoke.

Edit the IPsec phase 1 settings to disable mode config.

Ensure other settings such as pre-shared key, remote gateway, and BGP configurations are correct and consistent with the FortiGate hub.

FortiOS 7.2 Administration Guide: Provides details on configuring IPsec VPNs and mode config settings.

FortiSASE 23.2 Documentation: Explains the supported configurations for FortiSASE spoke devices and VPN setups.

Show Answer
asked 18/09/2024
Daniela Const
38 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms