Which rule is responsible for the client authentication failure?
Exhibit:
A.
Rule 4
B. Rule 6
C.
Rule 3
D.
Rule 5
Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions
This is ONE TIME OFFER
50%
Got this question in today exam.Answer C
Clue :stealth rule shouldn’t be above client authentication rule.
0
0
U can use the following exhibit for that question:
http://cdn.aiotestking.com/wp-content/uploads/156-215-13/24.jpg
0
0
Why C (rule 3)? Can you explain? Rule 3 drops traffic (including http) destined to the firewall itself. It should not block traffic destined to host webSingapore. Am I wrong?
0
0
correct answer should be A
0
0
for client authentication you need to authenticate on the GW using telnet 259 or http 900. But this traffic is blocked by stealth rule => C is correct (rule 3)
0
0
https://sc1.checkpoint.com/documents/R76/CP_R76_SGW_WebAdmin/6721.htm:
* Client Authentication works with all sign on methods. For sign on methods other than Manual Client Authentication, the Security Gateway is transparent to the users. They authenticate directly to the destination host.
* Manual : Telnet to port 259 on gateway, HTTP to port 900 on gateway
* When using Partially Automatic Client Authentication, make sure that port 80 is accessible on the gateway
* When using Fully Automatic Client Authentication, make sure that port 80 is accessible on the gateway.
I think it should be C.
0
0
^ Explanation is spot on. Answer is C
0
0
Can’t have a Host object in source column on a Client Auth rule.
The policy verification fails.
So I think Rule 4 is responsible for the failure.
Correct me if I’m wrong
0
0
Correct answer should be A
0
0