Mastering Azure Site-to-Site VPN Configuration

Questions and Answers

Which component in Azure is responsible for hosting the VPN gateway?

• Local network gateway
• VPN gateway connection
• Gateway subnet (correct)
• VPN gateway

What type of virtual network gateway is required for the site-to-site VPN implementation?

• ExpressRoute
• Application gateway
• VPN gateway (correct)
• Load balancer

What must be configured in the VPN gateway connection for this scenario?

• Point-to-site; SSTP
• Site-to-site; IPsec (correct)
• ExpressRoute
• VNet-to-VNet

What type of VPN can be configured in the VPN gateway?

All of the above (D)

How long can it take for Azure to finish creating a VPN gateway?

45 minutes (C)

What is the purpose of the local network gateway in the site-to-site VPN implementation?

To set the FortiGate external IP (A)

What command should be used on the FortiGate side if it is behind NAT?

set local-gw (C)

What should be verified when configuring the FortiGate end of the connection?

The routing configuration (C)

What type of site-to-site implementation is the FortiGate configuration similar to?

Standard site-to-site (D)

What is the purpose of the shared key configured in the VPN gateway connection?

To match the on-premises FortiGate (C)

Which parameters are included in the configuration for the VPN connection?

Phase-1, phase-2, routing, and firewall policies (A)

What should be done if the FortiGate is behind NAT?

Use the command 'set local-gw {ip}' to the FortiGate local private IP-address (B)

What command can be used to troubleshoot the FortiGate end of the VPN connection?

diagnose debug application ike -1 (A)

How can the establishment of the VPN tunnel be verified?

Access the IPsec Monitor widget in the FortiGate GUI (D)

What are the most common issues when troubleshooting the VPN tunnel creation?

All of the above (D)

What is the recommended option for the FortiGate configuration?

Using FortiGate on both ends (A)

What should be verified when configuring the FortiGate end of the connection?

The supported DH groups (D)

What type of clusters can be used for high availability?

FortiGate H-A clusters (D)

What is the purpose of the IPsec Monitor widget in the FortiGate GUI?

To verify if the VPN tunnel is established and traffic is being sent and received (B)

When using FortiGate on both ends, what type of VPN connection is being implemented?

Site-to-Site VPN (C)

Which command should be used on the FortiGate end to troubleshoot the VPN connection?

diagnose debug application ike -1 (D)

What should be done if the FortiGate is behind NAT?

Use the command 'set local-gw {ip}' (D)

What should be done to verify if the VPN tunnel is established and traffic is being sent and received?

Access the IPsec Monitor widget in the Azure portal (B)

What is the recommended option for using FortiGate on both ends?

Use FortiGate H-A clusters for high availability (C)

What is the purpose of the 'set local-gw {ip}' command?

To set the FortiGate local private IP-address (D)

What parameter should be verified to ensure it is supported by Azure?

Phase-2 parameters (A)

What is the purpose of the command 'diagnose debug enable'?

To enable debugging for troubleshooting (B)

What can be a common issue when creating the VPN tunnel?

All of the above (D)

What should be done to troubleshoot the Azure side of the VPN connection?

Refer to the Azure documentation (A)

What commands can be useful when troubleshooting the creation of the VPN tunnel?

diagnose debug application ike -1 (C)