Which component of VPN-1/FireWall-1 is used for Content Security to prevent end-user access to
specific URLs?
A.
UFP Server
B.
TACACS Server
C.
URI Server
D.
CVP Server
E.
DEFENDER Server
Explanation:
Filtering with a UFP Server
The UFP URI Match Specification Type allows firewall administrators
to use an OPSEC server to keep track of sites they wish to block or filter.
Before you create the resource object, you must create a Host Node object
and pull it into an OPSEC application object as described in the section
“Creating CVP and UFP Objects in FireWall -1” earlier in this chapter. Then,
you can create a resource and select the UFP radio button under the URI
Match Specification Type in the General tab of the URI Resource Properties,
as shown in Figure below.With UFP selected, the Match tab appears as shown in Figure below.
The OPSEC server is pulled into the UFP Server field, and the categories
you wish to filter/block are listed in the Categories field. You have caching
options to speed up web browsing. The choices are No Caching, UFP Server,
and VPN-1 & FireWall-1(one or two requests). Because the investment has
been made for a UFP server, it makes sense to use this caching feature on the
UFP server to speed up web browsing for users.There is one more option under the Match tab-Ignore UFP Server After
Connection Failure-but we consider this option useless. You can define the
number of failures and the timeout for reconnection; if the firewall still cannot
contact the UFP server after that time period, then the firewall will ignore
the UFP server and allow the traffic to proceed unfiltered.