FCSS – Enterprise Firewall Administrator 7.6 — Question 16

During the last network migration, the IT department discovered that all zero phase selectors in phase 2 IPsec configurations impact network operations.
What are two valid recommendations to prevent potential invalid paths during future migrations? (Choose two.)

Answer options

• A. Configure an IP address on the IPsec interface of each firewall to establish unique peer connections and avoid impacting network operations.
• B. Configure the VPN with the exact segments that will be encrypted in the phase two selectors.
• C. Configure an IPsec aggregate to create redundancy between each firewall peer.
• D. Configure routing protocols to specify allowed subnets over the tunnel.

Correct answer: B, D

Explanation

Option B is correct because configuring the VPN with the specific segments for encryption ensures that only the needed traffic is encrypted, preventing issues with zero phase selectors. Option D is also valid as it helps define which subnets can traverse the tunnel, enhancing routing clarity. Options A and C do not directly address the issue of zero phase selectors affecting network operations.