The three most used protocols in the suite are the following: (Select 3)
lnternet Key Exchange (IKE)
Encapsulation Security Payload (ESP)
Authentication Header (AH)
Point – to – Point Tunneling Protocol (PPTP)
Secure Sockets Layer (SSL)
❌, which does the handshake, tunnel maintenance, and disconnection.
❌, which ensures data integrity andencryption.
❌, which offers only data integrity-not encryption.
FortiGate uses ESP to transport the packet payload and authenticate.
IKE uses port
UDP 500
TCP 500
UDP 4500
TCP 4500
IKE uses if NAT-T is enabled in a NAT scenario:
UDP port 4500
TCP port 4500
UDP port 5000
TCP port 5000
SA
Security Association
Security Access
For phase 1, there are two possible negotiation modes that can be used:
main mode
aggressive mode
quick mode
Phase 2 uses only one negotiation mode:
AH is used by FortiGate
IKE
Internet Key Exchange
Internal Key Exchange
Internal Keep Exchange
ESP is
UDP encapsulated
TCP encapsulated
Authenticates or encrypts packets using the following protocols: (Select 3)
Internet Key Exchange (IKE)
Point-to-Point Tunneling Protocol (PPTP)
Layer 2 Tunneling Protocol (L2TP)
Provides both data integrity and encryption:
Easy configuration Few tunnels High central bandwidth Not fault tolerant Low system requirements on average, but high for center Scalable No direct communication between spokes
Hub-and-Spoke
Partial Mesh
Full Mesh
Moderate configuration Medium number of tunnels Medium bandwidth in hub sites Some fault tolerance Medium system requirements Somewhat scalable Direct communication between some sites
Complex configuration Many tunnels Low bandwidth Fault tolerant High system requirements Difficult to scale Direct communication between all sites
FortiOS provides two options for IPsec VPNs:
route-based (also known as ❌) or policy-based (also known as ❌).
