nse4_fgt-72 Exam Questions

nse4_fgt-72 Exam - Question 56


Refer to the exhibit.

A network administrator is troubleshooting an IPsec tunnel between two FortiGate devices. The administrator has determined that phase 1 status is up, but phase 2 fails to come up.

Based on the phase 2 configuration shown in the exhibit, which configuration change will bring phase 2 up?

Correct Answer: B

For phase 2 of an IPsec tunnel to come up, the phase 2 proposals on both ends must overlap: at least one encryption/authentication combination has to be common to both peers, and if PFS is enabled at least one DH group has to be common as well. Phase 1 being up only proves that the IKE SA negotiated; quick mode is negotiated separately against the phase 2 proposals. In the exhibit the encryption algorithms differ: HQ-FortiGate proposes AES128 while Remote-FortiGate proposes AES256, so the peers have no phase 2 proposal in common and quick mode fails. Setting the encryption on HQ-FortiGate to AES256 gives both devices the same proposal and brings phase 2 up, which is option B.
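To make the matching rules concrete, here is an added example (not from the exam, from Fortinet, or from the page's author) that models phase 2 proposal negotiation between two peers as a small check function. It implements the rules stated above and in the discussion below: the encryption/authentication proposals need one combination in common, PFS DH groups need only one group in common, and differing key lifetimes are tolerated with the lower value used. The selector check (exact mirroring), the requirement that PFS be enabled on both sides or on neither, and every value used for HQ-FortiGate and Remote-FortiGate (subnets, DH groups, lifetimes, hash algorithm) are constructed for this example and are not the exhibit's actual values.

```python
"""Toy model of IKEv1 phase 2 (quick mode) proposal matching between two peers.

Simplified rules (constructed example, not FortiOS code):
  * the peers need at least one proposal in common, where a proposal is an
    (encryption, authentication) pair: AES128 on one side and AES256 on the
    other never match;
  * if PFS is enabled, both sides must have it on and share at least one DH group;
  * differing key lifetimes do not block negotiation; the lower value is used;
  * the quick mode selectors must mirror each other (assumed exact match).
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Proposal:
    encryption: str      # e.g. "aes128", "aes256"
    authentication: str  # e.g. "sha1", "sha256"


@dataclass
class Phase2Config:
    name: str
    proposals: list[Proposal]   # in order of preference
    pfs: bool
    dh_groups: set[int]
    keylife_seconds: int
    local_subnet: str
    remote_subnet: str


def negotiate_phase2(initiator: Phase2Config, responder: Phase2Config):
    """Return (True, agreed SA parameters) or (False, reason phase 2 stays down)."""
    # Selectors: the initiator's local network must be the responder's remote and vice versa.
    if (initiator.local_subnet != responder.remote_subnet
            or initiator.remote_subnet != responder.local_subnet):
        return False, "quick mode selectors do not mirror each other"

    # The responder accepts the first initiator proposal it also has configured.
    common = [p for p in initiator.proposals if p in responder.proposals]
    if not common:
        return False, "no common encryption/authentication proposal"
    chosen = common[0]

    # PFS: only one DH group has to overlap, but the setting itself must agree.
    dh_group = None
    if initiator.pfs != responder.pfs:
        return False, "PFS enabled on one side only"
    if initiator.pfs:
        overlap = initiator.dh_groups & responder.dh_groups
        if not overlap:
            return False, "PFS enabled but no common DH group"
        dh_group = min(overlap)  # any shared group would do; pick deterministically

    # Lifetimes may differ; the SA is rekeyed at the shorter interval.
    keylife = min(initiator.keylife_seconds, responder.keylife_seconds)
    return True, {
        "encryption": chosen.encryption,
        "authentication": chosen.authentication,
        "dh_group": dh_group,
        "keylife_seconds": keylife,
    }


def exhibit_like_configs(hq_encryption: str = "aes128") -> tuple[Phase2Config, Phase2Config]:
    """Constructed stand-in for the exhibit: only HQ's encryption algorithm is varied.

    The subnets, DH groups, hash algorithm and lifetimes are made up for the example.
    """
    hq = Phase2Config(
        name="HQ-FortiGate",
        proposals=[Proposal(hq_encryption, "sha256")],
        pfs=True,
        dh_groups={5, 14},
        keylife_seconds=43200,
        local_subnet="10.0.1.0/24",
        remote_subnet="10.0.2.0/24",
    )
    remote = Phase2Config(
        name="Remote-FortiGate",
        proposals=[Proposal("aes256", "sha256")],
        pfs=True,
        dh_groups={2, 5},
        keylife_seconds=28800,
        local_subnet="10.0.2.0/24",
        remote_subnet="10.0.1.0/24",
    )
    return hq, remote


if __name__ == "__main__":
    for enc in ("aes128", "aes256"):
        hq, remote = exhibit_like_configs(enc)
        print(f"HQ encryption {enc}: {negotiate_phase2(hq, remote)}")
```

With the constructed configs, the AES128/AES256 mismatch returns the "no common encryption/authentication proposal" failure; changing HQ's encryption to aes256 (option B) returns the negotiated SA, with DH group 5 chosen from the overlapping groups and the lower of the two lifetimes. Flipping PFS off on one side only shows the other failure mode the discussion mentions.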

Discussion

6 comments
Sjiht87 (Option: B)
Apr 14, 2023

B is correct: set AES256 on both sides in order to complete phase 2.

Leodoro (Option: B)
Aug 27, 2023

B is correct. When the key lifetime is different, FortiGate chooses the lower one. The Diffie-Hellman group needs only one that matches. The authentication proposals need one matching, which there isn't. That makes it B.

darkstar15 (Option: B)
Aug 10, 2023

The answer is B because the scenario is treated as a "phase 2 failure". 1) Confirm that the encryption and hashing algorithms match on both receiver and initiator. 2) Check whether PFS is enabled; if yes, make sure the configuration matches on both units. 3) Make sure the quick mode selectors (interesting traffic) match on both units.

A_Roger (Option: C)
Jul 27, 2023

I think the correct answer is C. DH is different between HQ and Spoke. AES matches on both sides.

A_Roger
Jul 27, 2023

AES are different. Right is B

Garry_G
Sep 5, 2023

IPsec will work as long as there is an overlap in the configs ... if one had only 5 and the other only 2, you'd be correct. But as both have 5 available, they can still initiate phase 2 using it. At least if both share the same encryption/signature combos, so B ...

raydel92 (Option: B)
Sep 13, 2023

B. On HQ-FortiGate, set Encryption to AES256. Reference and download study guide: https://ebin.pub/fortinet-fortigate-infrastructure-study-guide-for-fortios-72.html

millerry (Option: B)
Jan 9, 2024

B. Ref: FortiGate 7.2 Infrastructure study guide, page 263.