- All Exams Instant Download
What change must the administrator make to the hub BGP configuration so that the routes learned by one spoke are forwarded to the other spokes?
Exhibits: Refer to the exhibits, which contain the network topology and BGP configuration for a hub. An administrator is trying to configure ADVPN with a hub-spoke VPN setup using iBGP. All the VPNs are up and connected to the hub. The hub is receiving route information from both spokes over...
Which TCP session timer must be increased to fix this problem?
An administrator has decreased all the TCP session timers to optimize the FortiGate memory usage. However, after the changes, one network application started to have problems. During the troubleshooting, the administrator noticed that the FortiGate deletes the sessions after the clients send the SYN packets, and before the arrival of...
Which statement about the exhibit is true?
Refer to the exhibit, which contains the output of a BGP debug command. Which statement about the exhibit is true?A . The local router has received a total of three BGP prefixes from all peers.B . The local router has not established a TCP session with 100.64.3.1.C . Since the...
Which statement about IKE and IKE NAT-T is true?
Which statement about IKE and IKE NAT-T is true?A . IKE is used to encapsulate ESP traffic in some situations, and IKE NAT-T is used only when the local FortiGate is using NAT on the IPsec interface.B . IKE is the standard implementation for IKEv1 and IKE NAT-T is an...
Based on the output, which two statements are correct?
Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command. Based on the output, which two statements are correct? (Choose two.)A . The npu_flag for this tunnel is 03.B . Different SPI values are a result of auto-negotiation being disabled for phase 2...
Why is the port2 default route not in the second command's output?
Refer to the exhibit, which contains partial outputs from two routing debug commands. Why is the port2 default route not in the second command's output?A . It has a higher priority value than the default route using port1.B . It is disabled in the FortiGate configuration.C . It has a...
In which order is each step and phase displayed in the debug output each time a new dial-up user is connecting to the VPN?
An administrator has configured a dial-up IPsec VPN with one phase 2, extended authentication (XAuth) and IKE mode configuration. The administrator has also enabled the IKE real time debug: diagnose debug application ike-1 diagnose debug enable In which order is each step and phase displayed in the debug output each...
Based on the debug output, what configuration changes can the administrator make to the local gateway to resolve the phase 1 negotiation error?
View the exhibit, which contains the partial output of an IKE real-time debug, and then answer the question below. The administrator does not have access to the remote gateway. Based on the debug output, what configuration changes can the administrator make to the local gateway to resolve the phase 1...
What is the diagnose test application ipsmenitor 5 command used for?
What is the diagnose test application ipsmenitor 5 command used for?A . To enable IPS bypass modeB . To disable the IPS engineC . To restart all IPS engines and monitorsD . To provide information regarding IPS sessionsView AnswerAnswer: A Explanation: # diagnose test application ipsmonitor 5: Toggle bypass status...
Which IP addresses are included in the output of this command?
Examine the output of the ‘diagnose ips anomaly list’ command shown in the exhibit; then answer the question below. Which IP addresses are included in the output of this command?A . Those whose traffic matches a DoS policy.B . Those whose traffic matches an IPS sensor.C . Those whose traffic...
