FCSS – Network Security Specialist 7.6 — Question 25
A VPN tunnel is up. To monitor traffic flow, the administrator enters the following CLI commands on an SSH session on FortiGate:
# diagnose debug enable
# diagnose sniffer packet any 'udp and port 500' 4
However, the sniffer does not show any output.
Assuming default configuration values, what are two possible reasons there is no output? (Choose two.)
Answer options
- A. The sniffer output will be ignored because running diagnose debug enable shows only application real-time debugs.
- B. NAT Traversal is enabled.
- C. The sniffer must be restricted to the remote peer IP address.
- D. The filter should be modified to also capture packets for TCP port 443 or TCP port 4500.
Correct answer: B, D
Explanation
Option B is correct because, when NAT Traversal is enabled, it changes how the packets are handled, which prevents the sniffer from capturing them. Option D is also correct because the filter may need to include TCP port 4500 to capture all relevant packets, given that VPN traffic can also use this port for NAT-T. Options A and C are incorrect because they do not relate directly to the reasons the sniffer produces no output.