

Question 55 Discussion

Refer to the exhibits. The configuration of a user's Windows PC, which has a default MTU of 1500 bytes, along with FortiGate interfaces set to an MTU of 1000 bytes, and the results of PC1 pinging server 172.16.0.254 are shown. Why is the user in Windows PC1 unable to ping server 172.16.0.254 and is seeing the message: Packet needs to be fragmented but DF set? (Choose one answer)

  • A. Option ip.flags.mf must be set to enable on FortiGate. The user has to adjust the ping MTU to 1000 to succeed.
  • B. Fragmented packets must be encrypted. To connect any application successfully, the user must install the Fortinet_CA certificate in the Microsoft Management Console.
  • C. FortiGate honors the do not fragment bit and the packets are dropped. The user has to adjust the ping MTU to 972 to succeed.
  • D. The user must trigger different traffic because path MTU discovery techniques do not recognize ICMP payloads.
Correct Answer: C

Brave-Dump Clients Votes

C 100%

Comments



Brave-Dumps Admin 2025-04-28 20:14:58

Selected Answers: C


C is correct.
The EFW 7.4 study guide, page 205, confirms that:

"PMTUD works by setting the DF flag on outgoing packets and then listening for ICMP 'fragmentation needed' messages from devices along the path."

"Here, a payload of 1472 bytes succeeds, but a payload of 1500 bytes fails, suggesting that the latter exceeds MTU limits."
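The PMTUD exchange quoted above, as an added example that is not part of the original page or the study guide: a router on the path answers an oversized DF packet with ICMP type 3 code 4 carrying its next-hop MTU (RFC 1191 layout), and the sender parses it to size the next echo. The path `[1500, 1000]` is a constructed model of the exhibit, all function names are hypothetical, and a 20-byte IPv4 header without options plus an 8-byte ICMP header are assumed.

```python
import struct

IP_HDR, ICMP_HDR = 20, 8  # assumed: IPv4 header without options, ICMP echo header

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over the ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def frag_needed(next_hop_mtu: int, original: bytes) -> bytes:
    """Build ICMP 'fragmentation needed' (type 3, code 4) as a router would."""
    body = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + original[:IP_HDR + 8]
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def parse_frag_needed(msg: bytes):
    """Return the advertised next-hop MTU, or None if the message is not valid."""
    if len(msg) < 8 or checksum(msg) != 0:
        return None
    typ, code, _, _, mtu = struct.unpack("!BBHHH", msg[:8])
    return mtu if (typ, code) == (3, 4) else None

def forward(packet_len: int, df: bool, link_mtus):
    """Walk the path; return None if delivered, else the ICMP error bytes."""
    for mtu in link_mtus:
        if packet_len > mtu and df:
            return frag_needed(mtu, bytes(packet_len))  # DF honored: drop + ICMP
        # without DF the router fragments and keeps forwarding
    return None

def discover(payload: int, link_mtus):
    """Sender side: resend the echo with DF set until it fits the path MTU."""
    tries = []
    while True:
        err = forward(IP_HDR + ICMP_HDR + payload, True, link_mtus)
        tries.append((payload, err is None))
        if err is None:
            return payload, tries
        mtu = parse_frag_needed(err)
        if mtu is None:
            raise ValueError("unusable ICMP error; cannot lower the packet size")
        payload = mtu - IP_HDR - ICMP_HDR

if __name__ == "__main__":
    # Constructed path: PC link at 1500 bytes, FortiGate interface at 1000 bytes.
    print(discover(1472, [1500, 1000]))
```
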