Fortinet FCSS_EFW_AD-7.6 Exam - Topic 1 Question 10 Discussion

Actual exam question for Fortinet's FCSS_EFW_AD-7.6 exam

Question #: 10
Topic #: 1

During the maintenance window, an administrator must sniff all the traffic going through a specific firewall policy, which is handled by NP6 interfaces. The output of the sniffer trace provides just a few packets.

Why is the output of sniffer trace limited?

AThe traffic corresponding to the firewall policy is encrypted.

Bauto-asic-off load is set to enable in the firewall policy,

Cinspection-mode is set to proxy in the firewall policy.

DThe option npudbg is not added in the diagnose sniff packet command.

Show Suggested Answer

Suggested Answer: B

FortiGate devices with NP6 (Network Processor 6) acceleration offload traffic directly to hardware, bypassing the CPU for improved performance. When auto-asic-offload is enabled in a firewall policy, most of the traffic does not reach the CPU, which means it won't be captured by the standard sniffer trace command.

Since NP6-accelerated traffic is handled entirely in hardware, only a small portion of initial packets (such as session setup packets or exceptions) might be seen in the sniffer output. To capture all packets, the administrator must disable hardware offloading using:

config firewall policy

edit

set auto-asic-offload disable

end

Disabling ASIC offload forces traffic to be processed by the CPU, allowing the sniffer tool to capture all packets.

by Camellia at May 14, 2026, 05:07 AM

Limited Time Offer

25%

Off

Get Premium FCSS_EFW_AD-7.6 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!