A network administrator wants to set up redundant IPsec VPN tunnels on FortiGate by using two IPsec VPN tunnels and static routes.
* All traffic must be routed through the primary tunnel when both tunnels are up
* The secondary tunnel must be used only if the primary tunnel goes down
* In addition, FortiGate should be able to detect a dead tunnel to speed up tunnel failover Which two key configuration changes are needed on FortiGate to meet the design requirements? (Choose two,)
- Configure a high distance on the static route for the primary tunnel, and a lower distance on the static route for the secondary tunnel.
- Enable Dead Peer Detection.
- Configure a lower distance on the static route for the primary tunnel, and a higher distance on the static route for the secondary tunnel.
- Enable Auto-negotiate and Autokey Keep Alive on the phase 2 configuration of both tunnels.
Reveal Solution Next Question