Mastering Azure Site-to-Site VPN Configuration

Questions and Answers

Which component in Azure is responsible for hosting the VPN gateway?

Local network gateway

VPN gateway connection

Gateway subnet (correct)

VPN gateway

What type of virtual network gateway is required for the site-to-site VPN implementation?

ExpressRoute

Application gateway

VPN gateway (correct)

Load balancer

What must be configured in the VPN gateway connection for this scenario?

Point-to-site; SSTP

Site-to-site; IPsec (correct)

ExpressRoute

VNet-to-VNet

What type of VPN can be configured in the VPN gateway?

All of the above

How long can it take for Azure to finish creating a VPN gateway?

45 minutes

What is the purpose of the local network gateway in the site-to-site VPN implementation?

To set the FortiGate external IP

What command should be used on the FortiGate side if it is behind NAT?

set local-gw

What should be verified when configuring the FortiGate end of the connection?

The routing configuration

What type of site-to-site implementation is the FortiGate configuration similar to?

Standard site-to-site

What is the purpose of the shared key configured in the VPN gateway connection?

To match the on-premises FortiGate

Which parameters are included in the configuration for the VPN connection?

Phase-1, phase-2, routing, and firewall policies

What should be done if the FortiGate is behind NAT?

Use the command 'set local-gw {ip}' to the FortiGate local private IP-address

What command can be used to troubleshoot the FortiGate end of the VPN connection?

diagnose debug application ike -1

How can the establishment of the VPN tunnel be verified?

Access the IPsec Monitor widget in the FortiGate GUI

What are the most common issues when troubleshooting the VPN tunnel creation?

All of the above

What is the recommended option for the FortiGate configuration?

Using FortiGate on both ends

What should be verified when configuring the FortiGate end of the connection?

The supported DH groups

What type of clusters can be used for high availability?

FortiGate H-A clusters

What is the purpose of the IPsec Monitor widget in the FortiGate GUI?

To verify if the VPN tunnel is established and traffic is being sent and received

When using FortiGate on both ends, what type of VPN connection is being implemented?

Site-to-Site VPN

Which command should be used on the FortiGate end to troubleshoot the VPN connection?

diagnose debug application ike -1

What should be done if the FortiGate is behind NAT?

Use the command 'set local-gw {ip}'

What should be done to verify if the VPN tunnel is established and traffic is being sent and received?

Access the IPsec Monitor widget in the Azure portal

What is the recommended option for using FortiGate on both ends?

Use FortiGate H-A clusters for high availability

What is the purpose of the 'set local-gw {ip}' command?

To set the FortiGate local private IP-address

What parameter should be verified to ensure it is supported by Azure?

Phase-2 parameters

What is the purpose of the command 'diagnose debug enable'?

To enable debugging for troubleshooting

What can be a common issue when creating the VPN tunnel?

All of the above

What should be done to troubleshoot the Azure side of the VPN connection?

Refer to the Azure documentation

What commands can be useful when troubleshooting the creation of the VPN tunnel?

diagnose debug application ike -1