NSE 7 – Enterprise Firewall 6.2 — Question 1
An administrator wants to capture ESP traffic between two FortiGate devices using the built-in sniffer.
If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator execute?
Answer options
- A. diagnose sniffer packet any 'esp'
- B. diagnose sniffer packet any 'udp port 4500'
- C. diagnose sniffer packet any 'udp port 500'
- D. diagnose sniffer packet any 'tcp port 500 or tcp port 4500'
Correct answer: C
Explanation
The correct command is diagnose sniffer packet any 'udp port 500' because ESP traffic uses UDP port 500 for key exchange in IKE. The other options are incorrect because they capture different protocols or ports that are not relevant to ESP traffic between the two FortiGate devices.