Exhibit.
Refer to the exhibit, which shows an ADVPN network.
The client behind Spoke-1 generates traffic to the device located behind Spoke-2.
Which first message floes the hub send to Spoke-110 bring up the dynamic tunnel?
In an ADVPN scenario, when traffic is initiated from a client behind one spoke to another spoke, the hub sends a shortcut query to the initiating spoke. This query is used to determine if there is a more direct path for the traffic, which can then trigger the establishment of a dynamic tunnel between the spokes.
Refer to the exhibit, which shows two configured FortiGate devices and peering over FGSP.
The main link directly connects the two FortiGate devices and is configured using the set
session-syn-dev
What is the primary reason to configure the main link?
The primary purpose of configuring a main link between the devices is to synchronize session information so that if one unit fails, the other can continue processing traffic without dropping active sessions.
A . To have both sessions and configuration synchronization in layer 2. This is incorrect because FGSP is used for session synchronization, not configuration synchronization.
B . To load balance both sessions and configuration synchronization between layer 2 and 3. FGSP does not perform load balancing and is not used for configuration synchronization.
C . To have only configuration synchronization in layer 3. The main link is not used solely for configuration synchronization.
D . To have both sessions and configuration synchronization in layer 3. The main link in an FGSP setup is indeed used to synchronize session information across the devices, and it operates at layer 3 since it uses IP addresses to establish the peering.
In which two ways does fortiManager function when it is deployed as a local FDS? (Choose two)
When deployed as a local FortiGuard Distribution Server (FDS), FortiManager functions in several capacities. It can act as an update server, a rating server, or both, providing firmware updates and FortiGuard database updates. Additionally, it plays a crucial role in VM license validation services, ensuring that the connected FortiGate devices are operating with valid licenses. However, it does not support rating requests from non-FortiGate devices nor cache firmware updates for unmanaged devices.
Fortinet FortiOS Handbook: FortiManager as a Local FDS Configuration
Refer to the exhibit, which shows an SSL certification inspection configuration.
Which action does FortiGate take if the server name indication (SNI) does not match either the common name (CN) or any of the subject alternative names (SAN) in the server certificate?
Refer to the exhibits, which contain the network topology and BGP configuration for a hub.
Exhibit A.
Exhibit B.
An administrator is trying to configure ADVPN with a hub and spoke VPN setup using iBGP. All the VPNs are up and connected to the hub. The hub is receiving route information from both spokes over iBGP; however the spokes are not receiving route information from each other.
What change must the administrator make to the hub BGP configuration so that the routes learned from one spoke are forwarded to the other spoke?
