A network administrator needs to implement dynamic route redundancy between a FortiGate unit located in a remote office and a FortiGate unit located in the central office.The remote office accesses central resources using IPSec VPN tunnels through two different Internet providers.What is the best method for allowing the remote office access to the resources through the FortiGate unit used at the central office?
Question:
What is the best method for allowing the remote office access to the resources through the FortiGate unit used at the central office?
Options:
Use two or more route-based IPSec VPN tunnels and enable OSPF on the IPSec virtual interfaces.
Use two or more policy-based IPSec VPN tunnels and enable OSPF on the IPSec virtual interfaces.
Use route-based VPNs on the central office FortiGate unit to advertise routes with a dynamic routing protocol and use a policy-based VPN on the remote office with two or more static default routes.
Dynamic routing protocols cannot be used over IPSec VPN tunnels.
Correct Answer
The Correct Answer for this Question is
Use two or more route-based IPSec VPN tunnels and enable OSPF on the IPSec virtual interfaces.