This answer is incorrect. Should be answer A.
Internet Access Options for Mobile VPN Users
For Mobile VPN with IPSec and Mobile VPN with SSL, you have two options for Internet access for your Mobile VPN users:
Force all client traffic through tunnel (default-route VPN)
The most secure option is to require that all remote user Internet traffic is routed through the VPN tunnel to the Firebox. Then, the traffic is sent back out to the Internet. With this configuration (known as default-route VPN), the Firebox is able to examine all traffic and provide increased security, although it uses more processing power and bandwidth.
Allow direct access to the Internet (split tunnel VPN)
Another configuration option is to enable split tunneling. With this option, your users can browse the Internet, but Internet traffic is not sent through the VPN tunnel. Split tunneling improves network performance, but decreases security because the policies you create are not applied to the Internet traffic. If you use split tunneling, we recommend that each client computer have a software firewall.
Definitely A, the only reason we "default route" BoVPN traffic is so we don't have to buy subscription services on both endpoint FW's, route all traffic through host site allows use of subscription services from single site.
Dynamic NAT isn't why you'd use a full tunnel over split. Using the default route means all traffic goes through the firebox, rather than just the routes configured by the VPN.
A: Default route VPN allows your Firebox to examine all remote user traffic
Default-route (full tunnel) is the most secure option because it routes all Internet traffic from a remote user through the VPN tunnel to the Firebox. Then, the traffic is sent back out to the Internet. With this configuration, the Firebox can examine all traffic and provide increased security. Be aware that this option requires more processing power and bandwidth.
If you select Routed VPN traffic in the Mobile VPN with SSL configuration, and you do not force all client traffic through the tunnel (split-tunnel), you must configure the allowed resources for the SSL VPN users. If you select Specify allowed resources or Allow access to all Trusted, Optional and Custom networks, only traffic to those resources is sent through the VPN tunnel. All other traffic goes directly to the Internet and the network that the remote SSL VPN user is connected to. This option can affect your security because any traffic sent to the Internet or the remote client network is not encrypted or subject to the policies you configured on the Firebox.
A is the correct answer. Some Firewall vendors call this "Full Tunnel", meaning all traffic is routed via the VPN to the Firewall for inspection. Split-Tunnel is where only LAN based traffic is routed to the firewall, internet destined traffic doesn't enter the VPN.
A is correct
"Default-route is the most secure option because it routes all Internet traffic from a remote user through the VPN
tunnel to the Firebox. Then, the traffic is sent back out to the Internet. With this configuration, the Firebox can
examine all traffic and provide increased security. Be aware that this option requires more processing power and
bandwidth."
When you use default-route VPN, a dynamic NAT policy must include the outgoing traffic from the remote network. This allows remote users to browse the Internet when they send all traffic to the Firebox.
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Arjjra
Highly Voted 4 years, 2 months agoMaik
Highly Voted 3 years, 5 months agoBradKenn75
Most Recent 5 months, 1 week agomemorx
10 months, 1 week agozoodata
12 months agoAri2x
1 year, 4 months agoTurak64
1 year, 5 months agoSatornjkk
2 years, 5 months agopayzey
2 years, 8 months ago[Removed]
2 years, 8 months agommamlouk
2 years, 10 months agoKiwiTech
2 years, 11 months agoThresmonkey
3 years agoTejen
3 years, 5 months ago