Refer to the exhibit.
To facilitate a large-scale deployment of SD-WAN/ADVPN with FortiGate devices, you are tasked with configuring the FortiGate devices to support injecting of IKE routes on the ADVPN shortcut tunnels.
Which three commands must be added or changed to the FortiGate spoke config vpn ipsec phasei-interface options referenced in the exhibit for the VPN interface to enable this capability? (Choose three.)
Bmust be set to enable mode-cfg, which is required for injecting IKE routes on the ADVPN shortcut tunnels.
Dmust be set to enable add-route, which is the command that actually injects the IKE routes.
Emust be set to enable mode-cfg-allow-client-selector, which allows custom phase 2 selectors to be configured.
The other options are incorrect. Option A is incorrect because net-device disable is not required for injecting IKE routes on the ADVPN shortcut tunnels. Option C is incorrect because IKE version 1 is not supported for ADVPN.
References:
Phase 2 selectors and ADVPN shortcut tunnels | FortiGate / FortiOS 7.2.0
Configuring SD-WAN/ADVPN with FortiGate | FortiGate / FortiOS 7.2.0
Jose
8 months agoPansy
8 months agoClorinda
7 months agoKristin
7 months agoKanisha
8 months agoLaurel
8 months agoMaryrose
8 months agoKirk
8 months agoYvette
8 months agoLashanda
8 months agoSang
8 months ago