NSE 4 – FortiGate 7.0 — Question 69

What is the effect of enabling auto-negotiate on the phase 2 configuration of an IPsec tunnel?

Answer options

• A. FortiGate automatically negotiates different local and remote addresses with the remote peer.
• B. FortiGate automatically negotiates a new security association after the existing security association expires.
• C. FortiGate automatically brings up the IPsec tunnel and keeps it up, regardless of activity on the IPsec tunnel.
• D. FortiGate automatically negotiates different encryption and authentication algorithms with the remote peer.

Correct answer: C

Explanation

Enabling auto-negotiate in phase 2 allows the FortiGate to maintain the IPsec tunnel continuously, irrespective of whether there is ongoing activity, which corresponds to option C. The other options discuss negotiations related to addresses, security associations, and algorithms, which are not the primary effect of auto-negotiation in this context.