Which of the following is the BEST explanation for this behavior?

An internal router is sending UDP keep-alive packets that are encapsulated with GRE and sent through your R71 Security Gateway to a partner site. Rules for GRE traffic are configured for ACCEPT/LOG. Although the keep-alive packets are sent every minute, a search through the SmartView Tracker logs for GRE traffic shows only one entry for the whole day (early in the morning, after a policy install). Your partner site indicates they are successfully receiving the GRE-encapsulated keep-alive packets every minute. If GRE encapsulation is turned off on the router, SmartView Tracker shows a log entry for the UDP keep-alive packet every minute. Which of the following is the BEST explanation for this behavior?

A.
The Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView Tracker. GRE traffic has a 10-minute session timeout, thus each keep-alive packet is considered part of the original logged connection at the beginning of the day.

B.
The Log Server is failing to log GRE traffic properly because it is VPN traffic. Disable all VPN configurations to the partner site to enable proper logging.

C.
The log unification process is using a LUUID (Log Unification Unique Identification) that has become corrupt. Because it is encrypted, the R71 Security Gateway cannot distinguish between GRE sessions. This is a known issue with GRE. Use IPSEC instead of the non GRE protocol for encapsulation.

D.
The setting Log does not capture this level of detail for GRE. Set the rule tracking action to audit, since certain types of traffic can only be tracked this way.



mr_tienvu

Correct answer is A