John is the MegaCorp Security Administrator, and is using Check Point R71. Malcolm is the
Security Administrator of a partner company and is using a different vendor’s product and both
have to build a VPN tunnel between their companies. Both are using clusters with Load Sharing
for their firewalls and John is using ClusterXL as a Check Point clustering solution. While trying to
establish the VPN, they are constantly noticing problems and the tunnel is not stable and then
Malcolm notices that there seems to be 2 SPIs with the same IP from the Check Point site. How
can they solve this problem and stabilize the tunnel?
A.
This can be solved by running the command Sticky VPN on the Check Point CLI. This keeps
the VPN Sticky to one member and the problem is resolved.
B.
This is surely a problem in the ISPs network and not related to the VPN configuration.
C.
This can be solved when using clusters; they have to use single firewalls.
D.
This can easily be solved by using the Sticky decision function in ClusterXL.
Explanation: