HPE Aruba Certified Network Security Expert (ACNSX) — Question 74

A network administrator is implementing OSPF, where there are two exit points. Each exit point has a stateful, application inspection firewall to implement company policies.
What would the best practice be to ensure that one firewall will see both directions of the traffic, preventing asynchronous connections in the network?

Answer options

• A. Both ASBRs should define External Type 1 routes for the external routes, using a different initial cost value for each ASBR.
• B. Both ASBRs should define External Type 1 routes for the external routes, using the same initial cost value for each ASBR.
• C. Both ASBRs should define External Type 2 routes for the external routes, using the same initial cost value for each ASBR.
• D. Both ASBRs should define External Type 2 routes for the external routes, using a different initial cost value for each ASBR.

Correct answer: D

Explanation

Choosing option D is correct because defining External Type 2 routes with different initial cost values for each ASBR allows for proper load balancing while ensuring that one firewall sees both directions of traffic. Options A and B, which use External Type 1 routes, do not achieve the same result and can lead to inconsistent routing behaviors. Option C, while using External Type 2 routes, fails to differentiate the initial cost, which could lead to similar routing issues.