Exam NSE4_FGT-7.2 topic 1 question 3 discussion

Anything but the "different VLAN" answer is impossible from a networking view, as well as configuration on the FG is concerned. At least up to 7.0 it's impossible to configure the same VLAN on the same physical link multiple times, no matter if it's in separate VDOMs or not.

I used my own lab to resolve this question: If you use the same VLAN ID to add a second subinterface to the same physical interface is not allowed you get the error ( VLAN ID used by another VLAN switch) unless you change the VLAN Protocol to 802.1AD, no matter the VDOM you assign the subinterface. Being said that, options A and B are not true, the option C is correct and option D is true if as I said before you use 802.1Q in one subinterface and 802.1AD in the second subinterface.

B and C, to achieve this configuration (2 vlan interfaces on the same phisical port with same vlanID) you must use 802.1AD vlan protocol (is not mentioned but you must know) and, of course, to have a switch supporting this protocol, but in any case the 2 vlan interfaces MUST be assigned to 2 different VDOMs, to avoid conflict. so B answer is true, answer C is also true as on a single VDOM it's impossible to configure 2 vlan Interfaces with same vlanID, regardless from vlan protocol. Very trichi question ;-)

the firewall will instantly complain about duplicate VLAN ID no matter if you select different VDOMs, IPs, or IPs from the same subnet (which will ADDITIONALLY cause an IP-conflict with the first VLAN interface) So, if the official test has this question and asks for two choices, it's definitely wrong ... (as any sane technician would argue

On other websites, this question only requests a single answer. B and D can be done using a different vlan type,but that's because it's Q in Q tunneling, so it's not really a vlan interface.

C and D

Anybody got in Exam newly? Are those questions legit still?

C is correct but not sure about the other, this questions seems like wrong to me it has single answer only

c,D In a scenario where FortiGate is operating in NAT mode and configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface, the correct requirements for the VLAN ID are: C. **The two VLAN subinterfaces must have different VLAN IDs.** Each VLAN subinterface should have a unique VLAN ID to properly segregate traffic between VLANs. D. **The two VLAN subinterfaces can have the same VLAN ID, only if they have IP addresses in different subnets.** If two VLAN subinterfaces share the same VLAN ID, they must belong to different IP subnets to avoid IP address conflicts and ensure proper routing of traffic. So, options C and D are the correct requirements for the VLAN ID in this scenario.

Las correctas son la B y C

Las correctas con B y C

Tested in lab, vdom is not significant. Only option is to use 802.1Q and 802.1AD with different subnet

C is definitely true as everyone has already mentioned. B and D are also true if you change one of the interfaces to use 802.1AD.

Correct

B & C is the correct answer

This Question has been asked on 7.0 and 6.4 NSE 4. It’s always been a one answer question. So it’s only C.

Basic concept of VLAN.