NSE 8 – Network Security Expert (812) — Question 38
You deployed a fully loaded FG-7121F in the data center and enabled sslvpn-load-balance.
Based on the behavior of this feature, which statement is correct?
Answer options
- A. You can use src-ip or dst-ip-dport on dp-load-distribution-method to make SSL VPN load balancing work as expected.
- B. If an FPM goes down, SSL VPN IP pool IP addresses will be re-allocated to the remaining FPMs.
- C. To have better traffic distribution you should use IP pools that increment in multiples of 12.
- D. Enabling SSL VPN load balancing will clear the session table.
Correct answer: D
Explanation
The correct answer is D because enabling SSL VPN load balancing clears the session table to facilitate the redistribution of sessions. Option A is incorrect because src-ip or dst-ip-dport is not necessary for SSL VPN load balancing to function. Option B is wrong because the IP pool is not automatically reallocated if an FPM fails. Option C is also incorrect; the size of IP pools does not need to adhere to specific multiples for effective traffic distribution.