NSE 7 — Enterprise Firewall — Question 72

How would fec-ingress and fec-egress IPsec configuration affect an IPsec tunnel?

Answer options

• A. FortiGate will consider all IKEv2 packets as fragmentable.
• B. When an FGSP member in FortiGate fails, FortiGate flushes the corresponding tunnels and sends out dead peer detection probes to find unavailable remote peers.
• C. If fragmentation occurs, FortiGate will allow the packets at the IKE layer.
• D. FortiGate will add additional redundant information to reconstruct any lost or erratically received packets.

Correct answer: D

Explanation

The correct answer is D because fec-ingress and fec-egress configurations ensure that FortiGate adds redundancy to packets, helping to recover from packet loss. Options A and C misrepresent how FortiGate handles fragmentation at the IKE layer, while option B discusses a different aspect of FortiGate's functionality related to failover rather than fragmentation handling.