FCP – FortiGate Administrator 7.4 — Question 21

An administrator wants to configure dead peer detection (DPD) on IPsec VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when there is outbound traffic but no response from the peer.

Which DPD mode on FortiGate meets this requirement?

Answer options

• A. On Demand
• B. On Idle
• C. Disabled
• D. Enabled

Correct answer: A

Explanation

The correct answer is 'On Demand' because this mode allows DPD probes to be sent only when there is outbound traffic and no response from the peer, fulfilling the specified requirement. 'On Idle' sends probes when there is no traffic, while 'Disabled' and 'Enabled' do not align with the condition of sending probes based on outbound traffic.