Questions

which rules will the connection templates be generated in SecureXL?


Review the Rule Base displayed.
For which rules will the connection templates be generated in SecureXL?

A.
Rules 2 and 5

B.
Rules 2 through 5

C.
Rule 2 only

D.
All rules except Rule 3



Discussion

11 Responses to “which rules will the connection templates be generated in SecureXL?”

  1. CPUG says:

    C is Correct Answer! (Rule 3 in this question is of action “Client Auth”)

    If the Rule Base contains a rule regarding one of the following components, the Connection Templates will be disabled for connections matching this rule, and for all of the following rules:

    Security Server connections.
    Time objects in the rules.
    Dynamic Objects and/or Domain Objects.
    Services of type “other” with a match expression.
    User/Client/Session Authentication actions.
    Services of type RPC/DCERPC/DCOM.

    When installing a policy containing restricted rules, you will receive console messages indicating that Connection Templates will not be created due to the rules that have been defined. The warnings should be used as a recommendation that will assist you to fine-tune your policy in order to optimize performance.

  2. Imran says:

    Connection templates will be generated for simple TCP or UDP connections. eg a user connection with different source ports to a webserver on port 80. Connection Templates is part of the SecureXL (aka Performance Pack)technology

  3. Eddye says:

    The image of this question is here:
    http://www.aiotestking.com/checkpoint/which-rules-will-the-connection-templates-be-generated-in-securexl/

    Correct Answer is “C. Rule 2 only” as CPUG sad. His explanation is correct too.

  4. Vlad says:

    So why not rule 5 as well?
    Connections are for http and ftp as per picture link by Eddye?

  5. Vlad says:

    Sorry FTP is session authentication.

  6. SuperHeroInTraining says:

    B.securexl will be disabled below rule 2

  7. Esteban says:

    D. All rules except Rule 3

  8. Josh says:

    Rule 1 and 6 are drop rules, so they might create drop templates, but never could they create connection templates, impossible.
    Rule 2 can create connection templates, no one doubts.
    Rule 3 and following: CPUG gave the right explanation.

Post a Comment