NSE 4 – FortiGate Administrator 7.6 — Question 20

An administrator wants to configure dead peer detection (DPD) on IPsec VPN for detecting dead tunnels. The requirement is that FortiGate sends DPD probes only when there is no inbound traffic.
Which DPD mode on FortiGate meets this requirement?

Answer options

• A. On Demand
• B. Enabled
• C. On Idle
• D. Disabled

Correct answer: A

Explanation

The correct answer is A (On Demand) because this mode allows DPD probes to be sent only when there is no inbound traffic, which aligns with the administrator's requirement. Options B (Enabled) and C (On Idle) do not restrict DPD probe sending based on traffic, and D (Disabled) would not send any probes at all.