View all questions & answers for the NSE 5 - FortiSwitch 7.6 Administrator Exam Materials exam


Question 50 Discussion

You are designing a multi-tenant network using FortiSwitch devices in standalone mode. Security is a priority and each tenant’s servers must be completely isolated from one another, and from all other servers in the network, to prevent lateral communication. However, all servers must have access to the shared FortiGate firewall for internet access. Which type of private VLAN (PVLAN) configuration should you apply to meet these security requirements? (Choose one answer)

  • A. Standalone VLAN
  • B. Community VLAN
  • C. Isolated VLAN
  • D. Primary VLAN
Correct Answer: C

Brave-Dump Clients Votes

C 100%

Comments



javaughn Bryan 2025-12-18 01:50:56

Selected Answers: C


C is correct.

Isolated VLAN: Ports in an isolated VLAN cannot communicate with each other but can communicate with promiscuous ports (such as the FortiGate firewall). This ensures that each server is completely isolated from all other servers while still being able to reach the firewall for internet access.

A private VLAN (PVLAN) divides a primary VLAN into one or more secondary VLANs. That is, a PVLAN divides a broadcast domain into multiple smaller broadcast subdomains. PVLANs enable you to further restrict access of devices in a VLAN without having to change their current IP addressing.

There are two types of secondary VLANs:

1. Isolated: Hosts in this VLAN can communicate with hosts in the primary VLAN only. Communication with hosts in the same isolated VLAN, as well as communication with hosts in community VLANs is blocked.

2. Community: Hosts in this VLAN can communicate with other hosts in the same community VLAN or with hosts in the primary VLAN. Communication with hosts in different secondary VLANs is blocked.

Depending on the PVLAN settings, a port is regarded as one of the following types:

1. Promiscuous port (P-Port): A port that is a member of the primary VLAN only. No secondary VLANs are configured on this port. The host connected to this port can communicate with hosts in isolated VLANs or community VLANs. Usually, you want to configure this type of port on switch ports that connect to routers, firewalls, and other types of gateway devices.

2. Isolated port (I-Port): A port that is a member of an isolated VLAN. A use case could be a server that needs to communicate with a gateway device only (north-south traffic), thus protecting the device from potential internal attacks.

3. Community port (C-Port): A port that is a member of a community VLAN. A use case could be a server that needs to communicate with a gateway device and a few other devices in the same community VLAN for east-west traffic, thus restricting the communication to the minimum necessary.

PAGE: 369 | FORTISWITCH 7.6 ADMIN GUIDE
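The forwarding rules described in the comment above, modelled as an added example that is not part of the original discussion or of the FortiSwitch guide. The VLAN IDs, port names and function names are constructed for illustration; the check audits a port plan against the question's requirement that every server reaches the gateway and no server reaches another server.

```python
from itertools import combinations

# Port roles as named in the comment above.
PROMISCUOUS, ISOLATED, COMMUNITY = "promiscuous", "isolated", "community"

def can_talk(a, b):
    """True if two ports may exchange frames under the PVLAN rules."""
    if a["primary"] != b["primary"]:
        return False                      # different primary VLANs: separate broadcast domains
    if PROMISCUOUS in (a["role"], b["role"]):
        return True                       # P-ports reach every secondary VLAN
    if a["role"] == b["role"] == COMMUNITY:
        return a["secondary"] == b["secondary"]   # same community only
    return False                          # isolated<->isolated, isolated<->community

def audit(ports, gateway):
    """Return violations of: all servers reach the gateway, no server-to-server path."""
    findings = []
    servers = {n: p for n, p in ports.items() if n != gateway}
    for name, port in servers.items():
        if not can_talk(port, ports[gateway]):
            findings.append(f"{name} cannot reach {gateway}")
    for (n1, p1), (n2, p2) in combinations(servers.items(), 2):
        if can_talk(p1, p2):
            findings.append(f"{n1} <-> {n2} lateral path")
    return findings

# Constructed sample plans: primary VLAN 100, isolated VLAN 101, community VLAN 200.
ISOLATED_PLAN = {
    "fortigate": {"role": PROMISCUOUS, "primary": 100, "secondary": None},
    "tenant-a":  {"role": ISOLATED,    "primary": 100, "secondary": 101},
    "tenant-b":  {"role": ISOLATED,    "primary": 100, "secondary": 101},
    "tenant-c":  {"role": ISOLATED,    "primary": 100, "secondary": 101},
}
COMMUNITY_PLAN = {
    "fortigate": {"role": PROMISCUOUS, "primary": 100, "secondary": None},
    "tenant-a":  {"role": ISOLATED,    "primary": 100, "secondary": 101},
    "tenant-b":  {"role": COMMUNITY,   "primary": 100, "secondary": 200},
    "tenant-c":  {"role": COMMUNITY,   "primary": 100, "secondary": 200},
}

if __name__ == "__main__":
    for label, plan in (("isolated", ISOLATED_PLAN), ("community", COMMUNITY_PLAN)):
        print(label, audit(plan, "fortigate") or "meets the isolation requirement")
```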