Exam NSE4_FGT-6.4 topic 1 question 33 discussion

The answer must be C and D. For A - traffic between interfaces is not allowed by default. For B - Port1-vlan10 and port-2vlan10 are not in the same broadcast domain since the subnet is different.

B & D is correct. FortiGate_Infrastructure_6.4 page 127 for "D" and page 154 for "B"

A. WRONG Because they are different subnets, this will not work work. B. WRONG The interfaces can only be a part of the same broadcast domain if the Fortigate is in Transparent mode. If the Fortigate was in transpararent mode, however, the interfaces would not be assigned IP addresses. C. CORRECT Physical interface is native VLAN. D. CORRECT In NAT mode, which this obviously is, interfaces can be moved around. And even multi-VDOM VLAN sub-interfaces can belong in different VDOMs. Fortigate Infrastructure 7.0 Pg 121: Fortigate Infrastructure 7.0 Pg 134: Fortigate Infrastructure 7.0 Pg 156 Fortigate Infrastructure 7.0 Pg 160:

So many people here commenting and nobody knows the correct answer yet.

C&D is correct.javascript:void(0)

C e D são verdadeiras

Answer B and C A and d are wrong: For A - traffic between interfaces is not allowed by default. For D - "Each interface (physical or VLAN) can belong to ONLY ONE VDOM." (FortiGate Infrastructure 6.4 page 127

C and D.

C and D.

C-D: B is wrong because a brodcast domain is a datalink layer [Level2], here we are working in NAT mode A is wrong because traffic between different interface aren't allowed

C and D is correct

I agree with aads... "For A - traffic between interfaces is not allowed by default. For B - Port1-vlan10 and port-2vlan10 are not in the same broadcast domain since the subnet is different."

CD is correct A is wrong, different interfaces are not allowed by default B is wrong, because physical interfaces with SAME VLAN do not have to belong to the same broadcast domain. We don't know if they connect to the same switch. Also the IP subnet is different another clue

B & D ----Creating VLAN subinterfaces with the same VLAN ID doesn’t create an internal connection between them. For example, a VLAN ID of 300 on port1 and VLAN ID of 300 on port2 are allowed, but they aren’t connected. Their relationship is the same as between any two FortiGate network interfaces. FortiGate interfaces can’t have overlapping IP addresses, the IP addresses of all interfaces must be on different subnets. This rule applies to both physical interfaces and to virtual interfaces, such as VLAN subinterfaces.

C and D https://community.fortinet.com/t5/FortiGate/Technical-Tip-rules-about-VLAN-configuration-and-VDOM-interface/ta-p/197640?externalID=FD31639

D: https://kb.fortinet.com/kb/documentLink.do?externalID=FD31639 Example of VLAN setting and VDOM assignment. The same VLANs from another ports at the same VDOM. Answer B is OK only for transparent mode, not NAT mode (IP addresses = NAT mode for this question). FG Infra 7.0 page 171

A: wrong B: correct. same vlan ID = same broadcast domain C: correct: Port1 = Vlan0 = Native Vlan D: Wrong: cant have 2 vlanID interface in the same VDOM