The IT department discovered during the last network migration that all zero phase selectors in phase 2 IPsec configurations impacted network operations. What are two valid approaches to prevent this during future migrations? (Choose two answers)

A. Use routing protocols to specify allowed subnets over the tunnel.
B. Configure an IPsec-aggregate to create redundancy between each firewall peer.
C. Clearly indicate to the VPN which segments will be encrypted in the phase two selectors.
D. Configure an IP address on the IPsec interface of each firewall to establish unique peer connections and avoid impacting network operations.

Correct Answer: A,C

Brave-Dump Clients Votes

AC 100%

Comments

Brave-Dumps Admin 2025-04-28 00:28:57

Selected Answers: A, C

A & C is correct
EFW 7.4 study guide page 196 confirms that,

"In addition, phase 2 configurations that consist of all zeros in phase selectors during migrations, particularly when advertising many routes over tunnels, can introduce the risk of invalid paths. These can disrupt operations but are crucial when partnering with corporations that have overlapping subnets. Use routing protocols to specify allowed subnets over the tunnel to mitigate these issues."