Refer to the exhibit, which shows a partial troubleshooting command output. An administrator is extensively using IPsec on FortiGate. Many tunnels show information similar to the output shown in the exhibit. What can the administrator conclude?
A.
IPsec SAs cannot be offloaded.
B.
The two IPsec SAs, inbound and outbound, are copied to the NPU.
C.
Only the outbound IPsec SA is copied to the NPU.
D.
Only the inbound IPsec SA is copied to the NPU.
Correct answer A.
npu_flag=20 means unsupported cipher or HMAC. IPsec SA cannot be offloaded.
Source: Network_Security_Support_Engineer_7.4_Study_Guide, p. 328
npu_flag=20 means unsupported cipher or HMAC. IPsec SA cannot be offloaded. If both inbound and outbound IPsec SAs would be offloaded to NPU the flag would be npc_flag=03
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Yaghu
1 month, 1 week agoTweefo
1 month, 1 week agoPoskgraff
1 month, 2 weeks ago79cab4d
1 month, 2 weeks agoAdonisthewise22
1 month, 2 weeks agoAdonisthewise22
1 month, 2 weeks agodjekson
1 month, 2 weeks agoAdonisthewise22
1 month, 2 weeks ago