View all questions & answers for the NSE 6 – SD-WAN 7.6 Enterprise Administrator Exam Materials exam

NSE 6 – SD-WAN 7.6 Enterprise Administrator Exam Materials-Question 56 Discussion

You configure the overlay tunnels for an SD-WAN hub-and-spoke topology defined with IPsec tunnels, BGP on loopback, and dynamic BGP. Which are two recommended IPsec settings for this topology? (Choose two answers)

A. On the spoke, set the parameter net-device to enable.
B. On the spoke, configure the parameter localid.
C. On the hub, set the parameter mode-cfg to enable.
D. On the hub, set the tunnel type to static.

Correct Answer: A,B

Brave-Dump Clients Votes

AC 100%

Comments

Anonymous User 2026-02-12 16:51:03

Selected Answers: A, C

Here it asks for a recommendation, I am thinking the mode-cfg on the hub is a closer one,

Anonymous User 2026-03-09 13:26:14

Selected Answers: A, C

Fortinet’s BGP-over-IPsec examples for ADVPN / SD-WAN hub-and-spoke show the spokes with set net-device enable on the phase1-interface.
https://docs.fortinet.com/document/fortigate/7.6.6/administration-guide/820072/advpn-with-bgp-as-the-routing-protocol

Mode-CFG enable explicitly needed for IPSec tunnels with dynamic bgp and dial-up.
https://docs.fortinet.com/document/fortisase/26.1.26/feature-spa-deployment-guide-using-bgp-per-overlay/496004/ipsec-vpn-configuration