An administrator wants to capture ESP traffic between two FortiGates using the built-in sniffer.
If the administrator knows that there is no NAT device located between both FortiGates, what command should the administrator execute?
A . diagnose sniffer packet any ‘udp port 500’
B . diagnose sniffer packet any ‘udp port 4500’
C . diagnose sniffer packet any ‘esp’
D . diagnose sniffer packet any ‘udp port 500 or udp port 4500’
Answer: C
Explanation:
Capture IKE Traffic without NAT:diagnose sniffer packet ‘host and udp port 500’―――――――――――――――――――――――――――――――――――――-Capture ESP Traffic without NAT:diagnose sniffer packet any ‘host and esp’―――――――――――――――――――――――――――――――――――――-Capture IKE and ESP with NAT-T:diagnose sniffer packet any ‘host and (udp port 500 or udp port 4500)’
Latest NSE7_EFW-6.4 Dumps Valid Version with 102 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund