
Fortinet Exam NSE7_NST-7.2 Topic 1 Question 1 Discussion

Actual exam question for Fortinet's NSE7_NST-7.2 exam
Question #: 1
Topic #: 1

Refer to the exhibit, which contains the output of diagnose vpn tunnel list.

Which command will capture ESP traffic for the VPN named DialUp_0?

Suggested Answer: C

Capturing ESP Traffic:

ESP (Encapsulating Security Payload) traffic is associated with IPsec and is identified by the protocol number 50. To capture ESP traffic, you need to filter packets based on this protocol.

In this specific case, you also need to filter for the host associated with the VPN tunnel, which is 10.200.3.2 as indicated in the exhibit.

Sniffer Command:

The correct command to capture ESP traffic for the VPN named DialUp_0 is:

diagnose sniffer packet any 'esp and host 10.200.3.2'

This command ensures that only ESP packets to and from the specified host are captured, providing a focused and relevant data set for troubleshooting.
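The matching logic behind that filter, as an added example that is not part of the original page or of Fortinet's tooling: it applies 'esp and host 10.200.3.2' and the broader 'ip proto 50' to raw IPv4 headers. The local gateway address 10.200.1.1, the second peer 10.200.4.2 and all sample packets are constructed for illustration.

```python
import socket
import struct

ESP_PROTO = 50        # IP protocol number for ESP
PEER = "10.200.3.2"   # tunnel peer address used in the filter above

def ipv4_packet(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (constructed sample, checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def parse_ipv4(packet):
    """Return (proto, src, dst) or None if this is not a usable IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    return (packet[9], socket.inet_ntoa(packet[12:16]),
            socket.inet_ntoa(packet[16:20]))

def matches_esp_and_host(packet, host=PEER):
    """Emulate 'esp and host <host>': protocol 50 AND host as source or destination."""
    parsed = parse_ipv4(packet)
    if parsed is None:
        return False
    proto, src, dst = parsed
    return proto == ESP_PROTO and host in (src, dst)

def matches_proto_50(packet):
    """Emulate 'ip proto 50': every ESP packet, whichever tunnel it belongs to."""
    parsed = parse_ipv4(packet)
    return parsed is not None and parsed[0] == ESP_PROTO

# Constructed samples: 10.200.1.1 (local gateway) and 10.200.4.2 (second peer) are made up.
LOCAL = "10.200.1.1"
udp_4500 = struct.pack("!HHHH", 4500, 4500, 8, 0)
SAMPLES = {
    "esp_from_peer": ipv4_packet(PEER, LOCAL, ESP_PROTO, b"\x00" * 16),
    "esp_to_peer": ipv4_packet(LOCAL, PEER, ESP_PROTO, b"\x00" * 16),
    "esp_other_peer": ipv4_packet("10.200.4.2", LOCAL, ESP_PROTO, b"\x00" * 16),
    "icmp_from_peer": ipv4_packet(PEER, LOCAL, 1, b"\x08\x00\x00\x00"),
    "udp4500_from_peer": ipv4_packet(PEER, LOCAL, 17, udp_4500),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:18} esp+host={matches_esp_and_host(pkt)!s:5} "
              f"proto50={matches_proto_50(pkt)}")
```

The UDP 4500 sample matches neither filter because its outer IP protocol is 17, not 50, and the second peer's ESP packet matches only the filter without the host restriction.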



Contribute your Thoughts:

Reita
1 year ago
Option B, for sure. It's the simple and straightforward way to capture the ESP traffic.
upvoted 0 times
Gracia
11 months ago
I'll go with option B as well. It seems like the right command to capture ESP traffic.
upvoted 0 times
...
Pearly
12 months ago
Yeah, I agree. It's the most straightforward option.
upvoted 0 times
...
Leonor
12 months ago
I think option B is the best choice.
upvoted 0 times
...
...
Sueann
1 year ago
Hold up, is that a typo in option C? 10*200.3.2? Looks like someone's been playing around with their calculator!
upvoted 0 times
Lawrence
11 months ago
Definitely a typo, they probably meant to put a period instead of an asterisk.
upvoted 0 times
...
Fidelia
11 months ago
I think so too, it should be '10.200.3.2' instead of '10*200.3.2'.
upvoted 0 times
...
Stephaine
12 months ago
Yeah, that does look like a typo in option C.
upvoted 0 times
...
...
Verdell
1 year ago
Hmm, this is tricky. I'll have to go with D. Capturing traffic on port 4500 should do the trick.
upvoted 0 times
...
Galen
1 year ago
I'm going with C. The command 'esp and host 10*200.3.2' seems to target the specific VPN tunnel.
upvoted 0 times
...
Devora
1 year ago
Option B looks good. 'ip proto 50' should capture the ESP traffic for the VPN.
upvoted 0 times
Melina
11 months ago
Yeah, 'ip proto 50' should capture the ESP traffic for the VPN.
upvoted 0 times
...
Derick
12 months ago
I think option B is the correct one.
upvoted 0 times
...
Rozella
12 months ago
Yeah, 'ip proto 50' should capture the ESP traffic for the VPN.
upvoted 0 times
...
Amber
1 year ago
C) diagnose sniffer packet any 'esp and host 10*200.3.2'
upvoted 0 times
...
Tambra
1 year ago
B) diagnose sniffer packet any 'ip proto 50'
upvoted 0 times
...
Vonda
1 year ago
I think option B is the correct one.
upvoted 0 times
...
Marlon
1 year ago
A) diagnose sniffer packet any 'host 10.0.10.10'
upvoted 0 times
...
...
Dorothy
1 year ago
I disagree, I believe the correct answer is C) diagnose sniffer packet any 'esp and host 10*200.3.2'.
upvoted 0 times
...
Hyman
1 year ago
I think the answer is A) diagnose sniffer packet any 'host 10.0.10.10'.
upvoted 0 times
...
