A FortiSASE customer has been enforcing always-on VPN for their remote users running FortiClient. What option can be enabled under the customer’s Endpoint Profile to allow them access different resources located in the same L2 network? (Choose one answer)

A. Allow local LAN Access in the user Endpoint Profile before they get connected to the VPN
B. Endpoint Sandbox protection for VPN users
C. Endpoint Anti-Virus protection in the Endpoint Profile for VPN
D. Network Lockdown for endpoints with VPN enabled

Correct Answer: A

Brave-Dump Clients Votes

A 100%

Comments

Brave-Dumps Admin 2025-10-29 23:31:39

Selected Answers: A

it needs additional check

javaughn Bryan 2025-11-21 03:36:55

Selected Answers: A

Enable Allow local LAN access to allow remote users to access their network resources (printers, file shares, and so on) connected in their LAN subnet while staying connected to the FortiSASE tunnel. When enabled, traffic destined for local LAN resources is routed through the endpoint's physical adapter instead of the FortiSASE tunnel.

If the endpoint local LAN subnet matches a subnet configured under Steering bypass destinations, the traffic flow is determined by whether Allow local LAN access is enabled or disabled. Additionally, if on-net detection for endpoints is enabled, the feature can also be enabled based on the endpoint's current on-net status, offering granularity and flexibility.

PAGE 87: SASE ENTERPRISE STUDY GUIDE