When distributing IPSec packets to gateways in a Load Sharing Multicast mode cluster, which
valid Load Sharing method will consider VPN information?
A.
Load Sharing based on SPIs
B.
Load Sharing based on IP addresses, ports, and serial peripheral interfaces
C.
Load Sharing based on IP addresses, ports, and security parameter indexes
D.
Load Sharing based on ports, VTI, and IP addresses
c
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk31533
The Sticky Decision Function does not maintain stickiness in VPN Routing (back-to-back VPN) Gateways where both sides of the connection are encrypted.
The various sharing configurations are based on different criteria:
IPs, Ports, SPIs (default) provides the best sharing distribution, and is recommended for use. It is the least “sticky” sharing configuration.
IPs, Ports should be used only if problems arise when distributing IPSec packets to a few machines even though they have the same source and destination IP addresses.
IPs is the most “sticky” sharing configuration, in other words, it increases the probability that a certain connection will pass through a single cluster member on both inbound and outbound directions.
B is correct. SPI is Serial Peripheral Interface
SPI = security parameter indexes
C. Load Sharing based on IP addresses, ports, and security parameter indexes