Which three configuration scenarios will result in an IPsec negotiation failure between two FortiGate
devices? (Choose three.)

A.
mismatched phase 2 selectors
B.
mismatched Anti-Replay configuration
C.
mismatched Perfect Forward Secrecy
D.
failed Dead Peer Detection negotiation
E.
mismatched IKE version
Explanation:
In IPsec negotiations, Perfect Forward Secrecy (PFS) ensures that each new cryptographic key is unrelated
to any previous key. Either enable or disable PFS on both the tunnel peers; otherwise, the LAN-to-LAN
(L2L) IPsec tunnel is not established
A, C, E.
1
0
Other answers here are A and E. B is a local security option and the remote side doesn’t know or care if it’s on. D is wrong because DPD does not negotiate, it simply checks to see if peer is alive.
1
0