NSE 4 – FortiGate 7.2 — Question 42

An administrator wants to configure dead peer detection (DPD) on IPsec VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.
Which DPD mode on FortiGate will meet this requirement?

Answer options

• A. On Demand
• B. On Idle
• C. Disabled
• D. Enabled

Correct answer: B

Explanation

The correct answer is B, On Idle, as this mode ensures that DPD probes are only sent when there is a lack of traffic in the tunnel, aligning with the requirement. Option A, On Demand, sends probes based on demand rather than idle state, while C, Disabled, turns off DPD entirely, and D, Enabled, sends probes continuously regardless of traffic, which does not meet the specified condition.