Which two statements about SSL VPN between two FortiGate devices are true? (Choose two.)

A. The client FortiGate requires a client certificate signed by the CA on the server FortiGate.

B. The client FortiGate requires a manually added route to remote subnets.

C. The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN.

D. Server FortiGate requires a CA certificate to verify the client FortiGate certificate.

Answer: C,D

Explanation:

C. The client FortiGate uses the SSL VPN tunnel interface type to connect SSL VPN.

D. Server FortiGate requires a CA certificate to verify the client FortiGate certificate.

Incorrect:

A. The client FortiGate requires a client certificate signed by the CA on the server FortiGate.

B. The client FortiGate requires a manually added route to remote subnets. (The route is added dynamically, not manually.)

The FortiGate can be configured as an SSL VPN client, using an SSL-VPN Tunnel interface type. When an SSL VPN client connection is established, the client dynamically adds a route to the subnets that are returned by the SSL VPN server.

This configuration requires proper CA certificate installation as the SSL VPN client FortiGate/user uses PSK and a PKI client certificate to authenticate. The FortiGate devices must have the proper CA certificate installed to verify the certificate chain to the root CA that signed the certificate.
