FCSS – Enterprise Firewall Administrator 7.4 — Question 25

A company's users on an IPsec VPN between FortiGate A and B have experienced intermittent issues since implementing VXLAN. The administrator suspects that packets exceeding the 1500-byte default MTU are causing the problems.
In which situation would adjusting the interface’s maximum MTU value help resolve issues caused by protocols that add extra headers to IP packets?

Answer options

• A. Adjust the MTU on interfaces only if FortiGate has the FortiGuard enterprise bundle, which allows MTU modification.
• B. Adjust the MTU on interfaces in all FortiGate devices that support the latest family of Fortinet SPUs: NP7, CP9 and SP5.
• C. Adjust the MTU on interfaces in controlled environments where all devices along the path allow MTU interface changes.
• D. Adjust the MTU on interfaces only in wired connections like PPPoE, optic fiber, and ethernet cable.

Correct answer: C

Explanation

Adjusting the MTU on interfaces in controlled environments where all devices support MTU changes (option C) allows for optimal packet size management and prevents fragmentation. The other options are either too restrictive or incorrect, as MTU adjustments can be beneficial beyond just specific FortiGuard bundles, device families, or wired connections.