NSE 7 – Network Security Technologies 7.2 — Question 57
An administrator wants to capture encrypted phase 2 traffic between two FortiGate devices using the built-in sniffer.
If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator run?
Answer options
- A. diagnose sniffer packet any 'udp port 500'
- B. diagnose sniffer packet any 'ip proto 50'
- C. diagnose sniffer packet any 'udp port 4500'
- D. diagnose sniffer packet any 'ah'
Correct answer: B
Explanation
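The correct answer is B because encrypted IPsec phase 2 traffic is carried in ESP, which is identified by IP protocol number 50. With no NAT device between the two FortiGate devices, ESP is not encapsulated in UDP port 4500 (NAT traversal), so the filter has to match IP protocol 50 directly. The other options refer to ports or protocols that do not carry this traffic: UDP port 500 carries IKE negotiation, UDP port 4500 is used only when NAT traversal is in effect, and AH authenticates packets without encrypting them.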