There are certain general recommendations for improving the performance of Check Point VPN-1/Firewall-1, Choose all that apply.
1. Use Domain objects when possible.
2. User Network instead of Address Ranges.
3. Combine similar rules to reduce the number of rules.
4. Enable VPN-1/Firewall-1 control connections.
5. Keep Rule Base small and simple.
A.
1, 2, 3.
B.
1, 2, 4.
C.
2, 3, 5.
D.
1, 2, 3, 4, 5.
E.
1, 3, 5.
Explanation:
: Since all the answers except “C” includes the use of Domain objects when possible, the answer
C is obviously right. Domain objects are not recommended by checkpoint because they degrade
performance with the name resolution and translation process. Of course, keeping the rule base
simple and consolidating your similar rules is always a best practice. Also it’s better to use
Network objects because an address range is not always in continuous fashion.