Refer to the exhibit, which shows a partial troubleshooting command output. An administrator is extensively using IPsec on FortiGate. Many tunnels show information similar to the output shown in the exhibit. What can the administrator conclude?
A.
IPsec SAs cannot be offloaded.
B.
The two IPsec SAs, inbound and outbound, are copied to the NPU.
C.
Only the outbound IPsec SA is copied to the NPU.
D.
Only the inbound IPsec SA is copied to the NPU.
Correct answer A.
npu_flag=20 means unsupported cipher or HMAC. IPsec SA cannot be offloaded.
Source: Network_Security_Support_Engineer_7.4_Study_Guide, p. 328
npu_flag=20 means unsupported cipher or HMAC. IPsec SA cannot be offloaded. If both inbound and outbound IPsec SAs would be offloaded to NPU the flag would be npc_flag=03
npu_flag=03 Means that both ingress & egress ESP packets will be offloaded. npu_flag=20 Unsupported cipher or HMAC, IPsec SA cannot be offloaded.
upvoted 1 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Yaghu
4 days, 7 hours agoTweefo
5 days, 18 hours agoPoskgraff
1 week, 5 days ago79cab4d
1 week, 6 days agoAdonisthewise22
1 week, 6 days agoAdonisthewise22
1 week, 6 days agodjekson
2 weeks, 1 day agoAdonisthewise22
1 week, 6 days ago