Refer to the exhibit. The network diagram shows the addition of Site 2 with an overlapping network segment to the existing VPN IPsec connection between the hub and Site 1. Which IPsec phase 2 configuration must you make on the FortiGate hub to enable equal-cost multi-path (ECMP) routing when multiple remote sites connect with overlapping subnets? (Choose one answer)

A. Set route-overlap to either use-new or use-old
B. Set multipath to enable
C. set net-device to ecmp
D. Set route-overlap to allow

Correct Answer: D

Brave-Dump Clients Votes

D 100%

Comments

Shabeeb Kunhipocker 2025-11-27 23:04:47

Selected Answers: D

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Dynamic-VPN-add-route-and-subnet-overlap/ta-p/250588

Adam 2026-01-20 03:39:20

Selected Answers: D

From Study Guide:
In phase 2, the setting you use with the route-overlap command determines the action FortiGate will take when a new remote site connects with an overlapping subnet.
The options available for route-overlap are:
-> use-new (default): Disconnects the existing dialup VPN and accepts the new VPN.
-> use-old: Maintains the existing dialup VPN and rejects the new one.
-> allow: Keeps the existing dialup VPN active and accepts the new