NSE 7 – Enterprise Firewall 6.4 — Question 23
An administrator wants to capture ESP traffic between two FortiGate devices using the built-in sniffer.
If the administrator knows that there is no NAT device located between both FortiGate devices, which command should the administrator run?
Answer options
- A. diagnose sniffer packet any 'esp'
- B. diagnose sniffer packet any 'udp port 4500'
- C. diagnose sniffer packet any 'tcp port 500 or tcp port 4500'
- D. diagnose sniffer packet any 'udp port 500'
Correct answer: A
Explanation
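The correct answer is A. With no NAT device between the two FortiGate devices, ESP (Encapsulating Security Payload) is sent natively as IP protocol 50 rather than being wrapped in UDP port 4500 for NAT traversal, so the 'esp' filter matches it directly. The other options filter on UDP or TCP ports associated with IPsec (IKE on UDP port 500, NAT traversal on UDP port 4500) and do not match native ESP packets, making them unsuitable for this task.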