Refer to the exhibit, which shows a partial troubleshooting command output. An administrator is extensively using IPsec on FortiGate. Many tunnels show information similar to the output shown in the exhibit. What can the administrator conclude?
A.
IPsec SAs cannot be offloaded.
B.
The two IPsec SAs, inbound and outbound, are copied to the NPU.
C.
Only the outbound IPsec SA is copied to the NPU.
D.
Only the inbound IPsec SA is copied to the NPU.
00 = Both IPsec SAs loaded to the kernel
01 = Outbound IPsec SA copied to NPU
02 = Inbound IPsec SA copied to NPU
03 = Both outbound and inbound IPsec SA copied to NPU
20 = Unsupported cipher or HMAC, IPsec SA cannot be offloaded
Correct answer A.
npu_flag=20 means unsupported cipher or HMAC. IPsec SA cannot be offloaded.
Source: Network_Security_Support_Engineer_7.4_Study_Guide, p. 328
npu_flag=20 means unsupported cipher or HMAC. IPsec SA cannot be offloaded. If both inbound and outbound IPsec SAs would be offloaded to NPU the flag would be npc_flag=03
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Maria21
1 month agoYaghu
3 months, 3 weeks agoTweefo
3 months, 3 weeks agoPoskgraff
4 months ago79cab4d
4 months agoAdonisthewise22
4 months agoAdonisthewise22
4 months agodjekson
4 months agoAdonisthewise22
4 months ago