Refer to the exhibits. A FortiSASE administrator has configured FortiSASE as a spoke to a FortiGate hub. The tunnel is up to the FortiGate hub. However, the remote FortiClient is not able to access the web server hosted behind the FortiGate hub. What is the reason for the access failure? (Choose one answer)

A. The hub is not advertising the required routes.
B. A private access policy has denied the traffic because of failed compliance.
C. The hub firewall policy does not include the FortiClient address range.
D. The server subnet BGP route was not received on FortiSASE.

Correct Answer: C

Brave-Dump Clients Votes

C 100%

Comments

Brave-Dumps Admin 2025-11-26 15:46:51

Selected Answers: C

C is correct.
FortiSASE routing table appear a network 10.160.160.0/24 learned from Fortigate Hub 10.11.11.1 but in Firewall policy object dont have a address 100.65.80.0/24

javaughn Bryan 2025-11-28 20:43:51

Selected Answers: C

C is indeed correct. The server subnet is there but not the FortiClient IP address because it was not configured in the Firewall Policy. See, the Firewall sits between the FortiSASE and the intended Server, but it also needs to see and be allowed on the FortiClient network (which it can't see now because it was not configured). So FortiSASE can see the server that was advertised by the FortiGate, but the endpoint behind FortiSASE is unable to access said server because its LAN is not in the Firewall policy, thus being blocked from ever reaching the server.