NSE 4 – FortiGate 6.4 — Question 40

What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?

Answer options

• A. FortiGate automatically negotiates different local and remote addresses with the remote peer.
• B. FortiGate automatically negotiates a new security association after the existing security association expires.
• C. FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.
• D. FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.

Correct answer: D

Explanation

Enabling auto-negotiate ensures that the IPsec tunnel remains active even if there is no traffic, which is why option D is correct. Options A, B, and C pertain to address negotiation, security association renewal, and algorithm negotiation, which are not directly affected by the auto-negotiate setting in phase 2.