You are configuring a NetScreen device in transparent mode and want to provide additional administrative security. Which two (2) options would you set?
set int vlan1 broadcast flood
set admin manag-ip <a.b.c.d>
set int vlan1 ip manage-ip <a.b.c.d>
When a host or any kind of network device does not know the MAC address associated with the IP address of another device, it uses the Address Resolution Protocol (ARP) to obtain it. The requestor broadcasts an ARP query (arp-q) to all the other devices on the same subnet. Only the device with the specified IP address returns an arp-r. After a device matches an IP address with a MAC address, it stores the information in its ARP cache. The situation can arise when a device sends a unicast packet with a destination MAC address, which it has in its ARP cache, but which the NetScreen device does not have in its forwarding table.
When a NetScreen device in Transparent mode receives a unicast packet for which it has no entry in its forwarding table, it can follow one of two courses:
After doing a policy lookup to determine the zones to which traffic from the source address is permitted, flood the initial packet out the interfaces bound to those zones, and then continue using whichever interface receives a reply. This is the Flood option, which is enabled by default.
Drop the initial packet, flood ARP queries (and, optionally, trace-route packets, which are ICMP echo requests with the time-to-live value set to 1) out all interfaces (except the interface at which the packet arrived), and then send subsequent packets through whichever interface receives an ARP (or trace-route) reply from the router or host whose MAC address matches the destination MAC address in the initial packet. The trace-route option allows the NetScreen device to discover the destination MAC address when the destination IP address is in a nonadjacent subnet.