ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam FCSS_EFW_AD-7.4 All Questions

View all questions & answers for the FCSS_EFW_AD-7.4 exam
Go to Exam

Exam FCSS_EFW_AD-7.4 topic 1 question 26 discussion

Actual exam question from Fortinet's FCSS_EFW_AD-7.4
Question #: 26
Topic #: 1
[All FCSS_EFW_AD-7.4 Questions]

Refer to the exhibit, which shows an ADVPN network

An administrator must configure an ADVPN using IBGP and EBGP to connect overlay network 1 with 2.
What two options must the administrator configure in BGP? (Choose two.)

  • A. set ebgp-enforce-multrhop enable
  • B. set next-hop-self enable
  • C. set ibgp-enforce-multihop advpn
  • D. set attribute-unchanged next-hop
Show Suggested Answer Hide Answer
Suggested Answer: AD 🗳️
by djekson at March 17, 2025, 12:59 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
demifsud
1 week, 2 days ago
Selected Answer: AD
Page 236 of the study guide. Fortinet community post: https://community.fortinet.com/t5/FortiGate/Technical-Tip-eBGP-Next-Hop-Unchanged/ta-p/394004 My understanding is that: Setting ebgp-enforce-multihop enable is required because the bgp communication is originating from the IP assigned to the overlay network behind each firewall which adds extra hops between each firewall and the peer. set attribute-unchanged next-hop then stops each router from replacing the next-hop address advertised to the peer router to the egress interface IP (10.255.255.1/2), instead maintaining each routers respective IP on the overlay network as the next hop address advertised to each router. A tough question, but based on the study guide and Fortinet article as referenced above. A and D are the correct answers.
upvoted 1 times
...
tugutlu
2 weeks, 6 days ago
Selected Answer: AB
İ think it is AB
upvoted 1 times
...
ama6
3 weeks, 2 days ago
Selected Answer: AB
IS correct
upvoted 1 times
...
Maria21
2 months, 1 week ago
Selected Answer: AB
Option A (set ebgp-enforce-multihop enable) → Ensures that EBGP neighbors can establish connections across multiple hops, which is necessary in an ADVPN overlay network where direct peer-to-peer connections may not exist. Option B (set next-hop-self enable) → Allows the BGP hub router to advertise itself as the next-hop for IBGP routes, ensuring proper routing between spoke
upvoted 3 times
...
Adonisthewise22
4 months, 2 weeks ago
Selected Answer: AD
according Study Guide p.234
upvoted 2 times
...
Yaghu
5 months ago
Selected Answer: AD
EFW 7.4 Admin guide, p. 234
upvoted 2 times
...
Poskgraff
5 months ago
Selected Answer: AB
A. set ebgp-enforce-multihop enable Cuando usas EBGP, los routers vecinos no están directamente conectados. En este caso, para que la sesión EBGP funcione correctamente, se debe habilitar ebgp-enforce-multihop. Esto permite establecer sesiones BGP a través de múltiples saltos. B. set next-hop-self enable Esta opción es útil en IBGP cuando el router recibe rutas de otro BGP peer y desea anunciarlas a sus propios peers IBGP. Al habilitar next-hop-self, el Fortigate reemplaza la dirección IP del siguiente salto (next-hop) con su propia dirección IP, asegurando que el tráfico sea enrutado correctamente. Por otro lado: C. set ibgp-enforce-multihop advpn no es una opción válida o reconocida para este escenario. D. set attribute-unchanged next-hop se utiliza en casos específicos donde se requiere mantener atributos BGP sin modificar, pero no es necesario para una configuración típica de ADVPN.
upvoted 1 times
...
djekson
5 months, 1 week ago
Selected Answer: AD
According to Fortinet docs this should be A and D for the Hubs connecting different overlay networks.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel