Posted by: Pdfprep
Post Date: April 30, 2021
Refer to the exhibit.
A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 fails to come up. The administrator has also re-entered the pre-shared key on both FortiGate devices to make sure they match.
Based on the phase 1 configuration and the diagram shown in the exhibit, which two configuration changes will bring phase 1 up? (Choose two.)
A . On HQ-FortiGate, set IKE mode to Main (ID protection).
B . On both FortiGate devices, set Dead Peer Detection to On Demand.
C . On HQ-FortiGate, disable Diffie-Helman group 2.
D . On Remote-FortiGate, set port2 as Interface.
Answer: B,C
Leave a Reply