Fortinet
FCSS_NST_SE-7.6 · Question #82
The correct answer is C. Hardware offload is disabled on FGT-02.
Question
Refer to the exhibit, which shows the sniffer log on two FortiGate devices. The IPsec tunnel is up on both ends of the tunnel, but traffic is not flowing. Based on the information in the log, which scenario explains the output on FortiGate FGT-02?
Exhibit
Options
- A. The encryption method is not supported on FGT-02.
- B. A third-party device is blocking protocol 50.
- C. Hardware offload is disabled on FGT-02.
- D. The IKE daemon crashed.
Explanation
No ESP packets show up on FGT‑02's CPU because the tunnel traffic is being offloaded to its NP hardware, bypassing the kernel sniffer. In other words, hardware offload is active for IPsec on FGT‑02, so you won't see ESP in a CPU‑based packet capture on that device.
