NSE 4 – FortiGate 6.4 — Question 88

An administrator wants to configure Dead Peer Detection (DPD) on an IPsec VPN to detect dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.
Which DPD mode on FortiGate will meet the above requirement?

Answer options

Correct answer: D

Explanation

The correct answer is 'On Idle' because this mode allows FortiGate to send DPD probes only when the tunnel is inactive, meaning no traffic is passing through. The other options either disable DPD entirely or do not meet the condition of only probing when idle.