An organization will be extending its existing on-premises infrastructure into the cloud. The design consists of a transit VPC that contains stateful firewalls that will be deployed in a highly available configuration across two Availability Zones for automatic failover.
What MUST be configured for this design to work? (Select two.)
A. A different Autonomous System Number (ASN) for each firewall.
B. Border Gateway Protocol (BGP) routing
C. Autonomous system (AS) path prepending
D. Static routing
E. Equal-cost multi-path routing (ECMP)
B+C
A & C
Since firewalls are stateful, you need a different ASN for each firewall and AS path prepending to force traffic to egress ingress from a specific firewall. Firewalls will drop traffic returning if it doesn’t have an existing session for it..