Refer to the exhibit, which contains the partial output of the get vpn ipsec tunnel details command. Based on the output, which two statements are correct? (Choose two.)
A.
Anti-replay is enabled.
B.
The npu_flag for this tunnel is 03.
C.
The npu_flag for this tunnel is 02
D.
Different SPI values are a result of auto-negotiation being disabled for phase 2 selectors.
The exhibit showsreplay: enabled, which confirms that anti-replay is enabled for this IPsec tunnel. Anti-replay is a security feature that prevents replay attacks by ensuring that packets are not duplicated or reused.
NPU Acceleration:
TheNPU acceleration: encryption (outbound) decryption (inbound)line indicates that Network Processing Unit (NPU) acceleration is used.
The npu_flag for this tunnel is 02. This indicates that encryption and decryption are handled by the NPU, improving the performance of the VPN tunnel.
References:
Fortinet Community: Troubleshooting IPsec VPN Tunnels(Welcome to the Fortinet Community!)(Welcome to the Fortinet Community!).
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit