— Exhibit –-
security {
policies {
from-zone TRUST to-zone UNTRUST {
policy allow-all {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
}
}
policy allow-hosts {
match {
source-address hosts;
destination-address any;
application junos-http;
}
then {
permit;
}
scheduler-name block-hosts;
}
policy deny {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
}
}
}
}
}
schedulers {
scheduler block-hosts {
daily {
start-time 10:00:00 stop-time 18:00:00;
}
}
}
— Exhibit –-
Refer to the Exhibit.
Referring to the exhibit, you have configured a scheduler to allow hosts access to the Internet
during specific times. You notice that hosts are unable to access the Internet.
What is blocking hosts from accessing the Internet?
A.
The policy allow-all should have the scheduler applied.
B.
The policy allow-hosts should match on source-address any.
C.
The policy allow-hosts should have an application of any.
D.
The policy allow-all should have a then statement of permit.
If it will be permitted in first rule, without scheduler it will be ALWAYS permit, not only in specific time. So why D?
In the other hand when we pick A then traffic will be deny at mentioned time instead of permit. Any idea what is correct answer?
Selvan, The question has no relation with the Scheduler, The last considerable option is D. Don’t forget the initial Question.