Exam NSE4_FGT-7.2 topic 1 question 81 discussion

Actual exam question from Fortinet's NSE4_FGT-7.2
Question #: 81
Topic #: 1

What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?

  • A. FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.
  • B. FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.
  • C. FortiGate automatically negotiates different local and remote addresses with the remote peer.
  • D. FortiGate automatically negotiates a new security association after the existing security association expires.
Suggested Answer: B

Comments

raydel92
Highly Voted 1 year, 10 months ago
Selected Answer: B
B. FortiGate automatically brings up the IPsec tunnel...
FortiGate Infrastructure 7.2 Study Guide (p.264): "...then FortiGate might drop interesting traffic because of the absence of active SAs. To prevent this, you can enable Auto-negotiate. When you do this, FortiGate not only negotiates new SAs before the current SAs expire, but it also starts using the new SAs right away."
"Another benefit of enabling Auto-negotiate is that the tunnel comes up and stays up automatically, even when there is no interesting traffic. When you enable Autokey Keep Alive and keep Auto-negotiate disabled, the tunnel does not come up automatically unless there is interesting traffic. However, after the tunnel is up, it stays that way because FortiGate periodically sends keep alive packets over the tunnel. Note that when you enable Auto-negotiate, Autokey Keep Alive is implicitly enabled."
Reference and download study guide: https://ebin.pub/fortinet-fortigate-infrastructure-study-guide-for-fortios-72.html
upvoted 8 times
...
GeniusA
Most Recent 1 year, 7 months ago
B is a valid response
upvoted 2 times
...
itzuy06
1 year, 9 months ago
Selected Answer: B
B. FortiGate automatically brings up the IPsec tunnel...
upvoted 3 times
...
Garry_G
1 year, 10 months ago
Selected Answer: D
Looking at this document: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-the-IPSec-auto-negotiate-and-keepalive/ta-p/189536 it sounds like "B" is directed at the keep-alive feature, which (AFAIK) doesn't re-establish the P2 if it is down, while D appears to be the correct answer in this case ... also that document references the fact that enabling auto-neg also implicitly activates the keep-alive feature for the tunnel ...
upvoted 2 times
Jumpy007
1 year, 10 months ago
In answer D before it expires not after is probably incorrect.
upvoted 2 times
...
...
darkstar15
1 year, 11 months ago
The correct answer is B: Another benefit of enabling Auto-negotiate is that the tunnel comes up and stays up automatically, even when there is no interesting traffic.
upvoted 2 times
...
Halmonte0780
2 years ago
B is correct. FortiGate infrastructure 7.2 page 264
upvoted 2 times
...
exiled2019
2 years ago
D is correct
upvoted 1 times
...
NiciExam
2 years ago
Selected Answer: B
B is correct
upvoted 2 times
...
ccnax2
2 years ago
Selected Answer: B
If the tunnel goes down, the auto-negotiate feature (when enabled) attempts to re-establish the tunnel. Auto-negotiate initiates the phase 2 SA negotiation automatically, repeating every five seconds until the SA is established.
upvoted 2 times
...
Dave304409
2 years ago
Selected Answer: B
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-the-IPSec-auto-negotiate-and-keepalive/ta-p/189536
upvoted 2 times
...
Takumi
2 years ago
Selected Answer: B
The answer is B
upvoted 1 times
...
Lapegues
2 years ago
Selected Answer: B
answer
upvoted 1 times
...
itmaxuser
2 years ago
B is correct; see FortiGate Infrastructure 7.2, page 264.
upvoted 3 times
...
lupnoob
2 years ago
Selected Answer: B
Infra 7.2 page 264.
upvoted 1 times
...
nambomm
2 years ago
B is the right answer. It is not after, it is before an SA fails that the SA renegotiates.
upvoted 3 times
...