NSE 4 – FortiGate 7.0 — Question 28

An administrator wants to configure Dead Peer Detection (DPD) on an IPsec VPN to detect dead tunnels. The requirement is that FortiGate sends DPD probes only when no traffic is observed in the tunnel.
Which DPD mode on FortiGate will meet the above requirement?

Answer options

Correct answer: C

Explanation

The correct answer is 'On Idle' because this mode will initiate DPD probes only when there is no traffic over the tunnel, which aligns with the requirement. 'On Demand' sends probes based on traffic conditions, 'Disabled' does not send probes at all, and 'Enabled' sends probes continuously regardless of traffic, making them unsuitable for this scenario.