Exam FCP_FGT_AD-7.6 Topic 3 Question 52 Discussion
Actual exam question for Fortinet's FCP_FGT_AD-7.6 exam
Question #: 52
Topic #: 3
Question #: 52
Topic #: 3
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
All traffic must be routed through the primary tunnel when both tunnels are up. The secondary tunnel must be used only if the primary tunnel goes down. In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover.
Which two key configuration changes must the administrator make on FortiGate to meet the requirements? (Choose two.)
All traffic must be routed through the primary tunnel when both tunnels are up. The secondary tunnel must be used only if the primary tunnel goes down. In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover.
Which two key configuration changes must the administrator make on FortiGate to meet the requirements? (Choose two.)
Suggested Answer: B,C Vote an answer
Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel → This ensures that the primary tunnel is always preferred, and the secondary is only used when the primary route is unavailable.
Enable Dead Peer Detection → DPD allows FortiGate to quickly detect when the primary tunnel is down, enabling faster failover to the backup tunnel.
Enable Dead Peer Detection → DPD allows FortiGate to quickly detect when the primary tunnel is down, enabling faster failover to the backup tunnel.
by Reuben at Feb 21, 2026, 01:14 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).