In the Rule Base displayed, user authentication in Rule 4 is configured as fully automatic. Eric is a
member of the LDAP group, MSD_Group.
What happens when Eric tries to connect to a server on the Internet?
A.
None of these things will happen.
B. Eric will be authenticated and get access to the requested server.
C.
Eric will be blocked because LDAP is not allowed in the Rule Base.
D.
Eric will be dropped by the Stealth Rule.
Not seeing any display for this question, but how can D) be the answer when the Stealth Rule serves to prevent access to the management interfaces of the Gateway and Security Management Server.
0
0
D)
0
0
exhibit:
http://cdn.aiotestking.com/wp-content/uploads/156-215-13/29.jpg
0
0
“user authentication in Rule 4 is configured as fully automatic”. Rule 4 is stealth rule => I would say it is wrong picture.
0
0
OK, @Lukas let say in the question should say “user authentication in Rule 3 is configured as fully automatic” so let’s not get confussed there.
So the logic will be:
Client Auth -> Fully Auto -> For HTTP or HTTPS uses User Auth.
The first match will be with Rule #3.
Now, as we all know when we are dealing with “User Auth” the Rule Base order change.
So now the firewall will look for the Less Restrictive rule for HTTP (or HTTPS)
That gives us 3 options: Rule #4, #5 & #6. Now the Firewall will have to decide which of this rules is the less restrictive one (or more open rule)
Rule #4: Source is “ANY”, Rules #5 & #6 Source are specific subnets.
Therefore Rule #4 is the one the firewall selects for that packet, so it will be dropped.
0
0
Thank you for the very clear explanation.
0
0
Conrag Parker.
may you also assist with the questions i want to write.
enocktliv@gmail.com
0
0