FCP – FortiGate Administrator 7.6 — Question 1
An administrator wants to configure dead peer detection (DPD) on IPsec VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when there is no inbound traffic.
Which DPD mode on FortiGate meets this requirement?
Answer options
- A. Enabled
- B. On Idle
- C. Disabled
- D. On Demand
Correct answer: D
Explanation
The correct answer is 'On Demand' because it allows DPD probes to be sent only when there is no inbound traffic, which aligns with the administrator's requirement. 'Enabled' sends probes continuously, 'On Idle' sends them during idle periods regardless of traffic, and 'Disabled' does not send any probes at all.