View all questions & answers for the NSE 6 - Network Security 7.6 Support Engineer Materials exam


Question 69 Discussion

A FortiGate administrator is troubleshooting a VPN that is failing to establish. As a first step, the administrator is attempting to sniff the traffic using the command:

# diagnose sniffer packet any "udp port 500 or udp port 4500 or esp" 4

After several minutes there is still no output. What is the most likely reason for this? (Choose one answer)

  • A. The VPN is configured to use IKE over TCP.
  • B. The ISP is blocking all VPN traffic.
  • C. esp is not a valid sniffer argument.
  • D. Mismatched IKE versions are detected on the VPN peers.
Correct Answer: A

Brave-Dump Clients Votes

A 100%

Comments



Brave-Dumps Admin 2025-11-07 16:30:23

Selected Answers: A


Study Guide page 339
"In some networks, UDP is blocked by firewalls or ISPs. In those cases, you can configure your VPN tunnel to use IKE over TCP in the phase 1 configuration. The default IKE TCP port is 443 but you can change the port under config system settings. Note that the default IKE TCP port is 443 for new FortiOS 7.6 installations only. If you upgrade your FortiGate from previous FortiOS versions, the default port is still TCP 4500"
  • Adam 2026-01-06 06:37:08
    Hello, can you please advise why B is wrong?
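
Added example, not part of the original discussion or of the Study Guide: a simplified Python model of the sniffer filter from the question, run against constructed packets, showing which flows it displays and which it misses when the tunnel uses IKE over TCP. The packet tuples, the ephemeral port 51000 and the extended filter are assumptions made for illustration; the TCP ports are the two defaults quoted from the Study Guide.

```python
# Added example: simplified model of the sniffer filter from the question.
# Only 'udp port N', 'tcp port N' and 'esp' clauses joined by 'or' are modelled.

QUESTION_FILTER = "udp port 500 or udp port 4500 or esp"
# Assumption: the IKE TCP port is one of the two defaults quoted from the Study Guide.
EXTENDED_FILTER = QUESTION_FILTER + " or tcp port 443 or tcp port 4500"

# Constructed packets as (protocol, source port, destination port); 51000 is an
# arbitrary ephemeral port, and ESP has no ports.
FLOWS = {
    "IKE over UDP": [("udp", 500, 500)],
    "IKE with NAT-T": [("udp", 4500, 4500)],
    "ESP data": [("esp", None, None)],
    "IKE over TCP (new 7.6 install)": [("tcp", 51000, 443)],
    "IKE over TCP (upgraded unit)": [("tcp", 51000, 4500)],
}

def parse_filter(expr):
    """Turn the filter string into (protocol, port) terms; port is None for esp."""
    terms = []
    for clause in expr.split(" or "):
        words = clause.split()
        if words == ["esp"]:
            terms.append(("esp", None))
        elif len(words) == 3 and words[0] in ("udp", "tcp") and words[1] == "port":
            terms.append((words[0], int(words[2])))
        else:
            raise ValueError(f"unsupported clause: {clause!r}")
    return terms

def packet_matches(terms, packet):
    """A packet matches if a term has its protocol and, for udp/tcp, one of its ports."""
    proto, sport, dport = packet
    for term_proto, term_port in terms:
        if term_proto != proto:
            continue
        if term_port is None or term_port in (sport, dport):
            return True
    return False

def visible_flows(expr):
    """Names of the constructed flows that the filter would display."""
    terms = parse_filter(expr)
    return [name for name, packets in FLOWS.items()
            if any(packet_matches(terms, p) for p in packets)]

if __name__ == "__main__":
    print("question filter:", visible_flows(QUESTION_FILTER))
    print("extended filter:", visible_flows(EXTENDED_FILTER))
```

A filter on tcp port 443 also matches ordinary HTTPS traffic, so on a real unit the capture is easier to read when it is narrowed to the VPN peer's address.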