ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE8_811 All Questions

View all questions & answers for the NSE8_811 exam
Go to Exam

Exam NSE8_811 topic 1 question 17 discussion

Actual exam question from Fortinet's NSE8_811
Question #: 17
Topic #: 1
[All NSE8_811 Questions]

You cannot ping the FortiGate default gateway 10.10.10.1 from the FortiGate CLI. The FortiGate interface facing the default gateway is wan1 and its IP address is
10.10.10.254/24. During the initial troubleshooting tests, you confirm that you can ping other IP addresses in the 10.10.10.0/24 subnet from the FortiGate CLI without packets lost.
Which two CLI commands will help you to troubleshoot this problem? (Choose two.)

  • A. diagnose debug flow filter saddr 10.10.10.1 diagnose debug flow trace start 10
  • B. diagnose hardware deviceinfo nic wan1
  • C. diagnose ip arp list
  • D. diag sniffer packet wan1 'arp and host 10.10.10.1'
Show Suggested Answer Hide Answer
Suggested Answer: AC 🗳️
by sinusoidal at May 11, 2021, 9:07 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
sumajestad
2 years, 6 months ago
Selected Answer: CD
Correct: CD
upvoted 1 times
...
aioross
2 years, 6 months ago
Selected Answer: CD
Correct: CD To check arp list, sniffer to host and arp, "arp" its possible use in sniffer Example: FGT # diagnose sniffer packet port1 "host 221.142.61.32 and arp" 4 interfaces=[port1] filters=[host 221.142.61.32 and arp] 17.766400 port1 -- arp who-has 221.142.61.32 tell 221.142.61.32 No A, because its in same segment and using source address, device info nic, mmm only to know physical mac wan1
upvoted 1 times
...
sumajestad
2 years, 6 months ago
I would say C,D --- sniffer with arp flag is perfectly possible
upvoted 1 times
...
kinge2
2 years, 8 months ago
Selected Answer: AC
Answer is A and C, B is wrong because that command give you conuters and nothing else https://docs.fortinet.com/document/fortigate/6.0.0/hardware-acceleration/90160/diagnose-hardware-deviceinfo-nic-interface-name-number-of-packets-dropped-by-an-interface D is incorrect because you need to use the following if need to see arp packets Match ARP packets only: # diagnose sniffer packet wan1 "ether proto 0x0806" https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Using-the-FortiOS-built-in-packet-sniffer/ta-p/194222
upvoted 1 times
...
cragasy
3 years, 7 months ago
i'm thinking of B, to check hardware first (even though other 10.1.1.0/24 are reachable) and C, to check the ARP list
upvoted 1 times
...
HenkBert
3 years, 9 months ago
yes A is incorrect, as it specifies saddr.
upvoted 1 times
...
priv_forti
3 years, 10 months ago
C and D are most likely the right ones. A does not makes sense, using debug flow is usually to check outgoing policy or Natting behavior. in this case, we are still on the local network
upvoted 2 times
...
sinusoidal
3 years, 11 months ago
C & D not more likely?
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago