You are the VPN-1/Firewall-1 administrator for a company WAN. You want all users to
communicate across WAN securely. You must use an encryption scheme that does not change
packet size, to allow for better network performance. You must also be able to define the
Certificate Authority from your local VPN-1/Firewall-1 Management Module. Which encryption
scheme do you choose?
A.
Rgindal
B.
FWZ
C.
IKE
D.
Triple DES.
E.
Manual IPSec.
Explanation:
: FWZ support in-place encryption, encrypting the payload portion (data) of the packet and leaving
the original TCP/IP headers intact. Because packet size is not increased, in-place encryption
allows for better network performance than the provided by IKE encryption. FWZ encryption gets
certified Diffie-Hellman public keys from a trusted certificate authority, the CP Management server.
See Page 7.16 of CCSE NG Official Courseware. (VPN1-FW1 Management II NG FP-1).
Note: FWZ is and has not been supported by checkpoint since NGFP1.