Fortinet Exam NSE8_812 Topic 1 Question 14 Discussion

Actual exam question for Fortinet's NSE8_812 exam

Question #: 14
Topic #: 1

Refer to the exhibits.

A customer has deployed a FortiGate with iBGP and eBGP routing enabled. HQ is receiving routes over eBGP from ISP 2; however, only certain routes are showing up in the routing table-Assume that BGP is working perfectly and that the only possible modifications to the routing table are solely due to the prefix list that is applied on HQ.

Given the exhibits, which two routes will be active in the routing table on the HQ firewall? (Choose two.)

A172.16.204.128/25

B172.16.201.96/29

C172,620,64,27

D172.16.204.64/27

Show Suggested Answer

Suggested Answer: B, D, E

Bmust be set to enable mode-cfg, which is required for injecting IKE routes on the ADVPN shortcut tunnels.

Dmust be set to enable add-route, which is the command that actually injects the IKE routes.

Emust be set to enable mode-cfg-allow-client-selector, which allows custom phase 2 selectors to be configured.

The other options are incorrect. Option A is incorrect because net-device disable is not required for injecting IKE routes on the ADVPN shortcut tunnels. Option C is incorrect because IKE version 1 is not supported for ADVPN.

References:

Phase 2 selectors and ADVPN shortcut tunnels | FortiGate / FortiOS 7.2.0

Configuring SD-WAN/ADVPN with FortiGate | FortiGate / FortiOS 7.2.0

by Kenneth at Dec 21, 2023, 08:40 AM

Limited Time Offer

25%

11 days ago

I think the active routes will be 172.16.204.128/25 and 172.16.204.64/27.

upvoted 0 times

...