

Question 79 Discussion

An engineer is configuring a site-to-site IPSec VPN to a partner network. The IKE Gateway and IPSec tunnel configurations are complete, and the tunnel interface has been assigned to a security zone. However, the tunnel fails to establish, and no application traffic passes through it once it is up. Which two Security policy configurations are required to allow tunnel establishment and data traffic flow in this scenario? (Choose two.)

  • A. A security rule is needed to allow IKE and IPSec traffic between the zone where the physical interface resides and the zone of the partner gateway.
  • B. A single bidirectional security rule must be configured to manage traffic flowing through the tunnel interface.
  • C. Security rules must be configured to permit application traffic from the local zone to the tunnel zone, and from the tunnel zone to the local zone.
  • D. An Application Override policy is needed to allow both the IKE negotiation and the encapsulated data traffic.
Correct Answer: A,C

Brave-Dump Clients Votes

AC 100%

Comments



Brave-Dumps Admin 2025-12-09 16:06:36

Selected Answers: A, C


It needs an additional check from our experts.


Ayesha 2026-01-24 19:47:46

Selected Answers: A, C


"A" security rule is needed to allow IKE and IPSec traffic between the zone where the physical interface resides and the zone of the partner gateway

"C" Security rules must be configured to permit application traffic from the local zone to the tunnel zone, and from the tunnel zone to the local zone.