FCSS – Enterprise Firewall Administrator 7.4 — Question 57

The IT department discovered during the last network migration that all zero phase selectors in phase 2 IPsec configurations impacted network operations.
What are two valid approaches to prevent this during future migrations? (Choose two.)

Answer options

• A. Use routing protocols to specify allowed subnets over the tunnel.
• B. Configure an IPsec-aggregate to create redundancy between each firewall peer.
• C. Clearly indicate to the VPN which segments will be encrypted in the phase two selectors.
• D. Configure an IP address on the IPsec interface of each firewall to establish unique peer connections and avoid impacting network operations.

Correct answer: A, C

Explanation

Option A is correct because using routing protocols helps to define which subnets are allowed, reducing the risk of misconfigurations. Option C is also correct as it ensures that only the intended segments are encrypted, preventing issues associated with all zero selectors. Options B and D do not directly address the issue of zero phase selectors impacting network operations during migrations.