Fortinet FCSS_EFW_AD-7.6 Exam - Topic 1 Question 10 Discussion

During the maintenance window, an administrator must sniff all the traffic going through a specific firewall policy, which is handled by NP6 interfaces. The output of the sniffer trace provides just a few packets. Why is the output of sniffer trace limited?
A) The traffic corresponding to the firewall policy is encrypted.
B) auto-asic-offload is set to enable in the firewall policy.
C) inspection-mode is set to proxy in the firewall policy.
D) The option npudbg is not added in the diagnose sniff packet command.


Actual exam question for Fortinet's FCSS_EFW_AD-7.6 exam
Question #: 10
Topic #: 1

Suggested Answer: B

FortiGate devices with NP6 (Network Processor 6) acceleration offload traffic directly to hardware, bypassing the CPU for improved performance. When auto-asic-offload is enabled in a firewall policy, most of the traffic does not reach the CPU, which means it won't be captured by the standard sniffer trace command.

Since NP6-accelerated traffic is handled entirely in hardware, only a small portion of initial packets (such as session setup packets or exceptions) might be seen in the sniffer output. To capture all packets, the administrator must disable hardware offloading using:

    config firewall policy
        edit <policy_id>
            set auto-asic-offload disable
        next
    end

Disabling ASIC offload forces traffic to be processed by the CPU, allowing the sniffer tool to capture all packets.
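
An added example, not part of the original page or any Fortinet tool: a Python check that reads a FortiOS configuration backup and lists the firewall policies where auto-asic-offload is set to disable, which helps confirm after the maintenance window that offloading was restored. The sample configuration is constructed, and treating an absent setting as enable is an assumption about FortiOS defaults.

```python
import re

# Constructed sample of a FortiOS configuration backup (not from the page).
SAMPLE_CONFIG = """\
config firewall policy
    edit 1
        set name "lan-to-wan"
        set action accept
    next
    edit 2
        set name "maintenance-capture"
        set auto-asic-offload disable
    next
end
config firewall address
    edit "srv"
        set subnet 10.0.0.10 255.255.255.255
    next
end
"""

def policy_offload_state(config_text):
    """Map each firewall policy ID to its auto-asic-offload value."""
    states, depth, in_policy, current = {}, 0, False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1  # track nesting so sub-tables inside a policy are skipped
            if depth == 1:
                in_policy = line == "config firewall policy"
        elif line == "end":
            depth -= 1
            if depth == 0:
                in_policy = False
        elif in_policy and depth == 1:
            m = re.fullmatch(r"edit (\d+)", line)
            if m:
                current = int(m.group(1))
                states[current] = "enable"  # assumption: unset means default enable
            elif line == "next":
                current = None
            elif current is not None and line.startswith("set auto-asic-offload "):
                states[current] = line.split()[-1]
    return states

def cpu_visible_policies(config_text):
    """Policy IDs whose traffic stays on the CPU, so the sniffer sees all of it."""
    return sorted(p for p, s in policy_offload_state(config_text).items() if s == "disable")
```

An empty result from `cpu_visible_policies` means no policy still has offloading disabled.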


Maia
1 month ago
I remember something about encrypted traffic possibly limiting what we can see in a sniffer trace, but I'm not entirely sure if that's the main reason here.
upvoted 0 times