View all questions & answers for the NSE 5 - FortiManager 7.6 Administrator Exam Materials exam


NSE 5 - FortiManager 7.6 Administrator Exam Materials-Question 16 Discussion

The administrator uses FortiManager to push a CLI script using the Remote FortiGate Directly (via CLI) option to configure an IPsec VPN. However, when running the script, the administrator receives the following error: config vpn ipsec phase2-interface [parameter(s) invalid. detail: object mismatch] What must the administrator do to resolve the script error and successfully apply the IPsec configuration? (Choose one answer)

  • A. Add the end command after finishing the IPsec phase1-interface configuration block.
  • B. Use IPsec templates to deploy provisioning templates.
  • C. Add a second config vpn ipsec phase2-interface block without linking it to phase1.
  • D. Run the script using the policy package or ADOM database method.
Correct Answer: D

Brave-Dump Clients Votes

D 50%
A 50%

Comments



[email protected] 2025-11-18 18:41:05

Selected Answers: D


p141-148
When you execute a script directly on a device, the changes are
automatically applied on the device. You do not need to take any further action to apply the changes;
however, you cannot preview the changes before they are applied.
  • Brave-Dumps.com Admin 2025-11-18 23:52:47
    Thank you.

Hisham Madani 2026-03-10 17:39:39

Selected Answers: A


In FortiGate CLI, config vpn ipsec phase1-interface and config vpn ipsec phase2-interface are separate config trees. Fortinet’s CLI reference shows phase2-interface as its own block, and a Phase 2 entry must reference the Phase 1 tunnel with set phase1name "<phase1-name>".

Fortinet examples show the proper structure as:

config vpn ipsec phase1-interface

edit ...

next

end

then a new config vpn ipsec phase2-interface block.

So if the admin starts the phase2-interface section before properly closing the phase1 block, FortiGate parses it in the wrong context and throws an error like object mismatch. That matches this question best.

Why the others are wrong:

B: IPsec templates are a different deployment method, not the fix for this CLI syntax/context error.

C: Phase 2 must be linked to Phase 1 using set phase1name; an unlinked second block is not correct.

D: The question says the script is being run Remote FortiGate Directly (via CLI), so the issue is the script structure, not the install target.

So I’d mark A.

Mehdi 2026-03-21 23:25:32

Selected Answers: A


This causes the phase2 configuration to fail with an “object mismatch” error since it can’t properly reference its parent phase1 configuration This is structure issue not the way of deployment only option which is closest is A ,m

Anonymous User 2026-04-14 01:46:53

Selected Answers: D


D is the correct answer