You are having issues with dynamic routing after a failover. The traffic is now coming from the backup and is being dropped as out of state. What is the BEST configuration to avoid stateful inspection dropping your dynamic routing traffic?
A. Implement Wire mode.
B. In Global Properties select Accept other IP protocols stateful replies for unknown services.
C. Enable Visitor mode.
D. Create additional explicit rules.
A
Read the “Overview of Wire Mode” section in
https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/html_frameset.htm?topic=documents/R77/CP_R77_VPN_AdminGuide/14037
To put it simply, Wire Mode improves connectivity by allowing existing connections to fail over successfully by bypassing firewall enforcement.
If it is coming from and going to a trusted src & dst, stateful inspection is not enforced and the traffic between the trusted interfaces bypasses the firewall. Since no stateful inspection takes place, no packets can be discarded.