Which portion of the configuration does an administrator specify the type of IPsec configuration (either policy-based or route-based)?
A. Under the IPsec VPN global settings.
B. Under the phase 2 settings.
C. Under the phase 1 settings.
D. Under the firewall policy settings.
I went out of my way to ask the Fortinet training staff. They agreed that it’s C, as half my coworkers wanted to say D. But if you read the questions, it’s asking about IP Sec config, regardless of Routed or Policy…
Hello Jake,
After speaking with my technical colleagues, I found out the answer is C – policy vs route based VPN definition is determined (in the GUI) during phase 1 configuration.
You may be getting confused with D because the firewall policy is configured differently, but only AFTER the VPN has already been defined.
Laura
Americas Regional Coordinator
Training Operations
C
For me it’s C too. https://kb.fortinet.com/kb/viewContent.do?externalId=FD35007
D
you distinguish policy based or route based by security policy. Phase1 has nothing to do with it.
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-ipsecvpn-54/Defining_VPN_Policies/Defining_Policies_for_Policy_and_Route.htm
It’s “C”. You have to specify phase 1 type while creating it.
its D because the Policy-action “IPSec”
C
It’s D
C
NSE4 patr 2 chapter “site-to-site ipsec vpn” slide 18