What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?
What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?
Enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel causes the FortiGate to automatically bring up the IPsec tunnel and keep it up, regardless of activity on the IPsec tunnel. This means that the tunnel is established and maintained even when there is no interesting traffic, ensuring that the connection is always available without the need for manual intervention.
B. FortiGate automatically brings up the IPsec tunnel... FortiGate Infrastructure 7.2 Study Guide (p.264): "...then FortiGate might drop interesting traffic because of the absence of active SAs. To prevent this, you can enable Auto-negotiate. When you do this, FortiGate not only negotiates new SAs before the current SAs expire, but it also starts using the new SAs right away." "Another benefit of enabling Auto-negotiate is that the tunnel comes up and stays up automatically, even when there is no interesting traffic. When you enable Autokey Keep Alive and keep Auto-negotiate disabled, the tunnel does not come up automatically unless there is interesting traffic. However, after the tunnel is up, it stays that way because FortiGate periodically sends keep alive packets over the tunnel. Note that when you enable Auto-negotiate, Autokey Keep Alive is implicitly enabled." Reference and download study guide: https://ebin.pub/fortinet-fortigate-infrastructure-study-guide-for-fortios-72.html
B is the right answer . It is not after it is before a SA fails the SA re negotiates.
B is correct see FortiGate infrastructure 7.2 page 264
B. FortiGate automatically brings up the IPsec tunnel...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-the-IPSec-auto-negotiate-and-keepalive/ta-p/189536
If the tunnel goes down, the auto-negotiate feature (when enabled) attempts to re-establish the tunnel. Auto-negotiate initiates the phase 2 SA negotiation automatically, repeating every five seconds until the SA is established.
B is correct
B is correct. FortiGate infrastructure 7.2 page 264
La respuesta correcta es B: Another benefit of enabling Auto-negotiate is that the tunnel comes up and stays up automatically, even when there is no interesting traffic.
Looking at this document: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-the-IPSec-auto-negotiate-and-keepalive/ta-p/189536 it sounds like "B" is directed at the keep-alive feature, which (AFAIK) doesn't re-establish the P2 if it is down, while D appears to be the correct answer in this case ... also that document references the fact that enabling auto-neg also implicitly activates the keep-alive feature for the tunnel ...
In answer D before it expires not after is probably incorrect.
B is a valid response
Infra 7.2 page 264.
answer
The answer is B
D is correct