04/07/2022 3:49 am
A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
* All traffic must be routed through the primary tunnel when both tunnels are up
* The secondary tunnel must be used only if the primary tunnel goes down
* In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover
Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two.)
- A. Configure a high distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
- B. Enable Dead Peer Detection.
- C. Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
- D. Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.
Suggested Answer: B,C
Explanation:
B - because the customer requires the tunnels to notify when a tunnel goes down. DPD is designed for that purpose: it sends a packet over the firewall to determine a failover to the next tunnel after a specific amount of time of not receiving a response from its peer.
C - remember, when it comes to choosing a route with regard to administrative distance, the route with the lowest distance for that particular route will be chosen. So configuring a lower routing distance on the primary tunnel means that the primary tunnel will be chosen to route packets towards their destination.