Explore the FortiGate device configuration in an SD-WAN topology. Learn about dynamic IPsec tunnels, ADVPN shortcuts, and spoke device characteristics in Fortinet’s NSE7_SDW-7.2 exam context.
Question
Refer to the exhibit.
The administrator used the SD-WAN overlay template to prepare an IPsec tunnels configuration for a hub-and-spoke SD-WAN topology. The exhibit shows the FortiManager installation preview for one FortiGate device.
Based on the exhibit, which statement best describes the configuration applied to the FortiGate device?
A. It is a spoke device that establishes dynamic IPsec tunnels to the hub. It can send ADVPN shortcut requests.
B. It is a hub device. It can send ADVPN shortcut offers.
C. It is a hub device and will automatically discover the spoke devices that are part of the SD-WAN topology.
D. It is a spoke device that establishes dynamic IPsec tunnels to the hub. The local subnet range is 10.10.128.0/23.
Answer
A. It is a spoke device that establishes dynamic IPsec tunnels to the hub. It can send ADVPN shortcut requests.
Explanation
- Dynamic VPN: The configuration shows “set type dynamic”, indicating this is a dynamic VPN setup typical for spoke devices in a hub-and-spoke topology.
- Interface: “set interface "port1"” suggests this is an outgoing interface on a spoke device connecting to the hub.
- IKE version: “set ike-version 2” is commonly used in modern VPN setups, including spoke-to-hub configurations.
- Proposal: “set proposal aes256-sha256” is a strong encryption setting suitable for secure spoke-to-hub communication.
- Peer type: “set peertype any” allows the spoke to connect to any peer, typically the hub in this topology.
- Auto-discovery: “set auto-discovery-sender enable” indicates this device can initiate auto-discovery, a feature of ADVPN (Auto Discovery VPN) allowing spokes to send shortcut requests.
- IP addressing: The IPv4 start and end IPs (10.10.128.1 and 10.10.159.252) suggest a range for tunnel interfaces, not necessarily the local subnet.
- Network overlay: “set network-overlay enable” is crucial for SD-WAN functionality, allowing dynamic path selection and optimization.
These features collectively point to a spoke device configuration in a hub-and-spoke SD-WAN topology, capable of establishing dynamic IPsec tunnels to the hub and participating in ADVPN shortcut creation when needed.