A FortiGate administrator is configuring a multi-peer IPsec VPN where two remote sites (Site A and Site B) connect to a central hub. The administrator wants to ensure that if the primary peer for a site goes down, traffic automatically fails over to the backup peer. Which TWO settings must be configured on the hub's phase1?