View all questions & answers for the NSE 7 - Enterprise Firewall 7.6 Administrator Exam Materials exam


Question 21 Discussion

Refer to the exhibits. The configuration of Windows PC, PC 1, with a default MTU of 1500 bytes, FortiGate interfaces with an MTU of 1000 bytes, and the results of PC 1 pinging over server 172.16.0.251 are shown. Why is the PC1 user unable to ping server 172.16.0.254 and seeing the message: Packet needs to be fragmented but DF set? (Choose one answer)

  • A. FortiGate honors the do not fragment bit and the packets are dropped. The user must adjust the ping MTU to 972 to succeed.
  • B. The ip.flags.mf option must be enabled on FortiGate. The user must adjust the ping MTU to 1000 to succeed.
  • C. The user must adjust the TCP maximum segment size (MSS) to 1000 for the ping to succeed.
  • D. The user must account for the size of the Ethernet header when configuring the MTU value.
Correct Answer: A

Brave-Dump Clients Votes

A 100%

Comments



Adam 2026-01-19 07:34:53

Selected Answers: A


IP fragmentation occurs when packets exceed the network's maximum transmission unit (MTU) size.
FortiOS defaults to honoring the DF bit, meaning FortiGate won't fragment IP packets larger than the interface MTU.
-f option in Windows CMD ping command is for "Don't fragment"
-l option in Windows CMD ping command is for payload size of 972 bytes + 20 bytes for IP header + 8 bytes for ICMP header = 1000 bytes of FortiGate MTU