Which are two (2) advanced policy configuration options?

A. Schedule

B. Service group

C. Authentication

D. Source address

E. Action (permit, deny, tunnel)

Explanation:

Schedule
A schedule is a configurable object that you can associate with one or more policies to define when they are in effect. Through the application of schedules, you can control network traffic flow and enforce network security. The schedule option can be found under the advanced policy section. When you define a schedule, enter values for the following parameters:
Schedule Name: The name that appears in the Schedule drop-down list in the Policy Configuration dialog box. Choose a descriptive name to help you identify the schedule. The name must be unique and is limited to 19 characters.
Comment: Any additional information that you want to add.
Recurring: Enable this when you want the schedule to repeat on a weekly basis.
Start and End Times: You must configure both a start time and an end time. You can specify up to two time periods within the same day.
Once: Enable this when you want the schedule to start and end only once.
mm/dd/yyyy hh:mm: You must enter both start and stop dates and times.

Service Group
Services are objects that identify application protocols using Layer 4 information such as standard and accepted TCP and UDP port numbers for application services like Telnet, FTP, SMTP, and HTTP. ScreenOS includes predefined core Internet services. Additionally, you can define custom services. You can define policies that specify which services are permitted, denied, encrypted, authenticated, logged, or counted.

Authentication
Selecting this option requires the auth user at the source address to authenticate his/her identity by supplying a user name and password before traffic is allowed to traverse the firewall or enter the VPN tunnel. The NetScreen device can use the local database or an external RADIUS, SecurID, or LDAP auth server to perform the authentication check. The authentication options can be found under the advanced policy section. NetScreen provides two authentication schemes:
Run-time authentication, in which the NetScreen device prompts an auth user to log on when it receives HTTP, FTP or Telnet traffic matching a policy that has authentication enabled
WebAuth, in which a user must authenticate himself or herself before sending traffic through the NetScreen device

Source Address
You can apply source address translation (NAT-src) at the policy level. With NAT-src, you can translate the source address on either incoming or outgoing network and VPN traffic. The new source address can come from either a dynamic IP (DIP) pool or the egress interface. NAT-src also supports source port address translation (PAT).

Action
An action is an object that describes what the firewall does to the traffic it receives.
Deny blocks the packet from traversing the firewall.
Permit allows the packet to pass the firewall.
Reject blocks the packet from traversing the firewall. The NetScreen device drops the packet and sends a TCP reset (RST) segment to the source host for TCP traffic and an ICMP "destination unreachable, port unreachable" message (type 3, code 3) for UDP traffic. For types of traffic other than TCP and UDP, the NetScreen device drops the packet without notifying the source host, which is also what occurs when the action is "deny".
Tunnel encapsulates outgoing IP packets and decapsulates incoming IP packets. For an IPSec VPN tunnel, specify which VPN tunnel to use. For an L2TP tunnel, specify which L2TP tunnel to use. For L2TP-over-IPSec, specify both an IPSec VPN tunnel and an L2TP tunnel.
The NetScreen device applies the specified action on traffic that matches the previously presented criteria: zones (source and destination), addresses (source and destination), and service.



mr_tienvu

I agree with the answer. AC