Exam FCP_FGT_AD-7.4 Topic 1 Question 19 Discussion
Actual exam question for Fortinet's FCP_FGT_AD-7.4 exam
Question #: 19
Topic #: 1
Which two settings are required for SSL VPN to function between two FortiGate devices? (Choose two.)
Suggested Answer: B,C
For SSL VPN to function correctly between two FortiGate devices, the following settings are required:
B. The server FortiGate requires a CA certificate to verify the client FortiGate certificate: The server FortiGate must have a Certificate Authority (CA) certificate installed to authenticate and verify the certificate presented by the client FortiGate device.
C. The client FortiGate requires a client certificate signed by the CA on the server FortiGate: The client FortiGate must have a client certificate that is signed by the same CA that the server FortiGate uses for verification. This ensures a secure SSL VPN connection between the two devices.
The other options are not directly necessary for establishing SSL VPN:
A. The client FortiGate requires the SSL VPN tunnel interface type to connect SSL VPN: This is incorrect as SSL VPN does not require a specific tunnel interface type; it typically uses an SSL VPN client profile.
D. The client FortiGate requires a manually added route to remote subnets: While routing may be necessary, it is not specifically required for the SSL VPN functionality between two FortiGates.
Reference
FortiOS 7.4.1 Administration Guide - Configuring SSL VPN, page 1203.
FortiOS 7.4.1 Administration Guide - SSL VPN Authentication, page 1210.
by Peter at Feb 24, 2025, 10:21 PM