Podcast
Questions and Answers
Which FortiGate models support hardware offloading of IPsec encryption and decryption?
Which FortiGate models support hardware offloading of IPsec encryption and decryption?
By default, is hardware offloading enabled for supported algorithms?
By default, is hardware offloading enabled for supported algorithms?
What command can you use to disable hardware offloading per tunnel if necessary?
What command can you use to disable hardware offloading per tunnel if necessary?
What information does the command 'get vpn ipsec stats tunnel' provide?
What information does the command 'get vpn ipsec stats tunnel' provide?
Signup and view all the answers
What information does the command 'diagnose vpn ike gateway list' provide?
What information does the command 'diagnose vpn ike gateway list' provide?
Signup and view all the answers
What effect does the command 'diagnose vpn ike gateway clear' have?
What effect does the command 'diagnose vpn ike gateway clear' have?
Signup and view all the answers
What command provides detailed information for the active IPsec tunnels?
What command provides detailed information for the active IPsec tunnels?
Signup and view all the answers
What is the default setting for hardware offloading on FortiGate models?
What is the default setting for hardware offloading on FortiGate models?
Signup and view all the answers
What does the command 'diagnose vpn ike gateway clear' do?
What does the command 'diagnose vpn ike gateway clear' do?
Signup and view all the answers
What does the command 'get vpn ipsec stats tunnel' provide?
What does the command 'get vpn ipsec stats tunnel' provide?
Signup and view all the answers
Which command displays the current IPsec SA information for all active tunnels?
Which command displays the current IPsec SA information for all active tunnels?
Signup and view all the answers
Which command provides SA information about a specific tunnel?
Which command provides SA information about a specific tunnel?
Signup and view all the answers
What are the default UDP port numbers for IKE and IKE NAT-T, respectively?
What are the default UDP port numbers for IKE and IKE NAT-T, respectively?
Signup and view all the answers
If NAT-T is enabled and there is a FortiGate located in the middle that is running NAT, what UDP port does IKE traffic use during the tunnel negotiation?
If NAT-T is enabled and there is a FortiGate located in the middle that is running NAT, what UDP port does IKE traffic use during the tunnel negotiation?
Signup and view all the answers
What protocol is ESP traffic encapsulated in when NAT-T is enabled?
What protocol is ESP traffic encapsulated in when NAT-T is enabled?
Signup and view all the answers
If the VPN is up but the traffic can't cross the tunnel, what command should you use to troubleshoot?
If the VPN is up but the traffic can't cross the tunnel, what command should you use to troubleshoot?
Signup and view all the answers
What does the debug flow command show when traffic is crossing an IPsec tunnel?
What does the debug flow command show when traffic is crossing an IPsec tunnel?
Signup and view all the answers
What does the output of the debug flow command show if the traffic is not crossing the tunnel due to a routing misconfiguration?
What does the output of the debug flow command show if the traffic is not crossing the tunnel due to a routing misconfiguration?
Signup and view all the answers
What does the debug flow command display if the traffic drops and why?
What does the debug flow command display if the traffic drops and why?
Signup and view all the answers
What does the debug flow command show after the phase-2 negotiation?
What does the debug flow command show after the phase-2 negotiation?
Signup and view all the answers
