Master VPN Topologies

Play an AI-generated podcast conversation about this lesson

Which type of VPN topology is shown in the example on this slide?

Hub-and-spoke (correct)

Full mesh

Partial mesh

AD-VPN

What is a disadvantage of using a hub-and-spoke VPN topology?

Fast communication between branch offices

Limited system requirements for branch offices

Minimal planning required for routing

Lack of redundancy (correct)

In a hub-and-spoke VPN topology, where does the traffic between branch offices flow through?

Firewall

ISP

Direct connection between branch offices

Hub (correct)

Which type of mesh topology attempts to minimize required resources and latency?

Partial mesh Signup and view all the answers

What is a benefit of using AD-VPN?

Direct connectivity between branch offices Signup and view all the answers

What does AD-VPN stand for?

Advanced Dynamic VPN Signup and view all the answers

What is a disadvantage of using a partial mesh topology?

Complex FortiGate device configurations Signup and view all the answers

What is the purpose of using a full mesh topology?

To establish communication between every location Signup and view all the answers

What can be a significant issue when using a hub-and-spoke VPN topology for global companies?

Physical distance Signup and view all the answers

What should you use to troubleshoot IPsec problems if the tunnel is unstable?

DPD packets Signup and view all the answers

Which type of topology is shown in the slide?

Full mesh Signup and view all the answers

How many VPN tunnels are needed for each FortiGate device in a full mesh topology?

4 Signup and view all the answers

If a company has six locations, how many tunnels would be needed in a full mesh topology?

15 Signup and view all the answers

What is the benefit of AD-VPN?

Direct connectivity between all sites Signup and view all the answers

What is the disadvantage of a full mesh topology?

Spoke FortiGate devices must be more powerful Signup and view all the answers

What is the formula to calculate the number of tunnels in a full mesh topology?

N sites = N (N-1) / 2 Signup and view all the answers

Which topology places less strain on the central location?

Full mesh Signup and view all the answers

What is the main advantage of a hub-and-spoke topology?

Cheaper for many locations Signup and view all the answers

What is AD-VPN based on?

IKE and IPsec Signup and view all the answers

What version of FortiOS introduced AD-VPN?

5.4 Signup and view all the answers

Which field in the FortiGate session table indicates the offloading status of IPsec SAs?

npu_flag Signup and view all the answers

When are the IPsec SAs copied to the NPU?

When the first IPsec packet arrives Signup and view all the answers

What does an npu_flag value of 00 indicate?

No traffic crossing the tunnel Signup and view all the answers

What does an npu_flag value of 01 indicate?

Outbound SA copied to NPU Signup and view all the answers

What does an npu_flag value of 02 indicate?

Inbound SA copied to NPU Signup and view all the answers

What does an npu_flag value of 03 indicate?

Both outbound and inbound SA copied to NPU Signup and view all the answers

Master VPN Topologies

Podcast Beta

Questions and Answers