Podcast
Questions and Answers
Which FortiGate models support hardware offloading of IPsec encryption and decryption?
Which FortiGate models support hardware offloading of IPsec encryption and decryption?
- Only some FortiGate models (correct)
- None of the FortiGate models
- All FortiGate models
- FortiGate models with a specific processor type
By default, is hardware offloading enabled for supported algorithms?
By default, is hardware offloading enabled for supported algorithms?
- It depends on the processor type
- It depends on the model
- Yes (correct)
- No
What command can you use to disable hardware offloading per tunnel if necessary?
What command can you use to disable hardware offloading per tunnel if necessary?
- get vpn ipsec stats tunnel
- diagnose vpn ike gateway list
- config vpn ipsec phase1-interface (correct)
- diagnose vpn ike gateway clear
What information does the command 'get vpn ipsec stats tunnel' provide?
What information does the command 'get vpn ipsec stats tunnel' provide?
What information does the command 'diagnose vpn ike gateway list' provide?
What information does the command 'diagnose vpn ike gateway list' provide?
What effect does the command 'diagnose vpn ike gateway clear' have?
What effect does the command 'diagnose vpn ike gateway clear' have?
What command provides detailed information for the active IPsec tunnels?
What command provides detailed information for the active IPsec tunnels?
What is the default setting for hardware offloading on FortiGate models?
What is the default setting for hardware offloading on FortiGate models?
What does the command 'diagnose vpn ike gateway clear' do?
What does the command 'diagnose vpn ike gateway clear' do?
What does the command 'get vpn ipsec stats tunnel' provide?
What does the command 'get vpn ipsec stats tunnel' provide?
Which command displays the current IPsec SA information for all active tunnels?
Which command displays the current IPsec SA information for all active tunnels?
Which command provides SA information about a specific tunnel?
Which command provides SA information about a specific tunnel?
What are the default UDP port numbers for IKE and IKE NAT-T, respectively?
What are the default UDP port numbers for IKE and IKE NAT-T, respectively?
If NAT-T is enabled and there is a FortiGate located in the middle that is running NAT, what UDP port does IKE traffic use during the tunnel negotiation?
If NAT-T is enabled and there is a FortiGate located in the middle that is running NAT, what UDP port does IKE traffic use during the tunnel negotiation?
What protocol is ESP traffic encapsulated in when NAT-T is enabled?
What protocol is ESP traffic encapsulated in when NAT-T is enabled?
If the VPN is up but the traffic can't cross the tunnel, what command should you use to troubleshoot?
If the VPN is up but the traffic can't cross the tunnel, what command should you use to troubleshoot?
What does the debug flow command show when traffic is crossing an IPsec tunnel?
What does the debug flow command show when traffic is crossing an IPsec tunnel?
What does the output of the debug flow command show if the traffic is not crossing the tunnel due to a routing misconfiguration?
What does the output of the debug flow command show if the traffic is not crossing the tunnel due to a routing misconfiguration?
What does the debug flow command display if the traffic drops and why?
What does the debug flow command display if the traffic drops and why?
What does the debug flow command show after the phase-2 negotiation?
What does the debug flow command show after the phase-2 negotiation?
Flashcards are hidden until you start studying
