A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and stat
Posted: Wed Aug 31, 2022 8:30 am
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
✑ All traffic must be routed through the primary tunnel when both tunnels are up
✑ The secondary tunnel must be used only if the primary tunnel goes down
In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover
Which two key configuration changes are needed in FortiGate to meet the design requirements? (Choose two.)
A. Configure a higher distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
B. Enable Dead Peer Detection.
C. Enable Auto-negotiate and Auto Keep Alive on the phase 2 configuration of both tunnels.
D. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
✑ All traffic must be routed through the primary tunnel when both tunnels are up
✑ The secondary tunnel must be used only if the primary tunnel goes down
In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover
Which two key configuration changes are needed in FortiGate to meet the design requirements? (Choose two.)
- A Network Admin 1 (116 Bytes) Viewed 25 times
B. Enable Dead Peer Detection.
C. Enable Auto-negotiate and Auto Keep Alive on the phase 2 configuration of both tunnels.
D. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.