A company's users on an IPsec VPN between FortiGate A and B have experienced intermittent issues since implementing VXLAN. The administrator suspects that packets exceeding the 1500-byte default MTU are causing the problems. In which situation would adjusting the interfaces maximum MTU value help resolve issues caused by protocols that add extra headers to IP packets? (Choose one answer)

A. Adjust the MTU on interfaces only if FortiGate has the FortiGuard enterprise bundle, which allows MTU modification.
B. Adjust the MTU on interfaces in all FortiGate devices that support the latest family of Fortinet SPUs: NP7, CP9 and SP5.
C. Adjust the MTU on interfaces in controlled environments where all devices along the path allow MTU interface changes.
D. Adjust the MTU on interfaces only in wired connections like PPPoE, optic fiber, and ethernet cable.

Correct Answer: C

Brave-Dump Clients Votes

C 100%

Comments

Brave-Dumps Admin 2025-04-27 12:30:14

Selected Answers: C

C is correct
EFW 7.4 study guide confirms that,

page 203:
"Exceeding MTU causes fragmentation. Fragmentation impacts network performance. Fragmentation can cause data loss."

page 206:
While data packets around 1500 bytes typically transmit smoothly, certain protocols, like the ones listed on this
slide, can introduce conditions that necessitate fragmentation.
• Virtual eXtensible LAN (VXLAN): extends layer 2 networks, adding 50 bytes..

If your packet flow involves one or more of the protocols shown in this slide, you may need to consider the
following options:
• Increase the MTU on the interface (the most common approach).
• Adjust the TCP maximum segment size in the firewall policy.
• Set the fragmentation MTU in IPsec phase