Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location
Mob_nav_barsMENU

Fortinet Exam FCSS_EFW_AD-7.6 Topic 3 Question 1 Discussion

Actual exam question for Fortinet's FCSS_EFW_AD-7.6 exam
Question #: 1
Topic #: 3
[All FCSS_EFW_AD-7.6 Questions]

A company's users on an IPsec VPN between FortiGate A and B have experienced intermittent issues since implementing VXLAN. The administrator suspects that packets exceeding the 1500-byte default MTU are causing the problems.

In which situation would adjusting the interface's maximum MTU value help resolve issues caused by protocols that add extra headers to IP packets?

Show Suggested Answer Hide Answer
Suggested Answer: C

When using IPsec VPNs and VXLAN, additional headers are added to packets, which can exceed the default 1500-byte MTU. This can lead to fragmentation issues, dropped packets, or degraded performance.

To resolve this, the MTU (Maximum Transmission Unit) should be adjusted only if all devices in the network path support it. Otherwise, some devices may still drop or fragment packets, leading to continued issues.

Why adjusting MTU helps:

VXLAN adds a 50-byte overhead to packets.

IPsec adds additional encapsulation (ESP, GRE, etc.), increasing the packet size.

If packets exceed the MTU, they may be fragmented or dropped, causing intermittent connectivity issues.

Lowering the MTU on interfaces ensures packets stay within the supported size limit across all network devices.


by Marlon at Oct 03, 2025, 02:20 AM

Limited Time Offer

25%

Off

Get Premium FCSS_EFW_AD-7.6 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Florinda
5 days ago
I remember studying that adjusting MTU can help with fragmentation issues, especially with protocols like VXLAN that add headers.
upvoted 0 times
...
Timmy
11 days ago
I'm a bit uncertain about this one. The question seems to be focused on the FortiGate devices, but the answer choices don't really align with that. I think I'll need to review the VXLAN and MTU concepts a bit more before I can confidently select an answer.
upvoted 0 times
...
Scarlet
16 days ago
I'm leaning towards option C. It makes sense that we need to ensure all devices along the path can handle the MTU changes, otherwise we might just create more issues. The question is specifically about resolving problems caused by VXLAN, so we need to make sure the entire network can support the adjusted MTU.
upvoted 0 times
...
Timmy
21 days ago
Hmm, this is a tricky one. I think the key is to focus on the protocols that add extra headers to the IP packets. If we can identify those protocols, then we can adjust the MTU on the interfaces to accommodate the larger packet sizes. But I'm not sure if the answer choices fully capture that approach.
upvoted 0 times
...
Nicolette
26 days ago
I'm a bit confused here. Wouldn't adjusting the MTU on the FortiGate interfaces be the best solution, regardless of the device type or connection? I'm not sure why the question is so specific about the FortiGuard bundle or certain Fortinet SPUs.
upvoted 0 times
...
Thea
1 months ago
I'm pretty sure the answer is C. We need to adjust the MTU on interfaces in controlled environments where all devices along the path allow MTU interface changes. That's the only way to ensure the packets don't get fragmented.
upvoted 0 times
...

Save Cancel