
Exam Essentials topic 1 question 59 discussion

Actual exam question from WatchGuard's Essentials
Question #: 59
Topic #: 1

In a Mobile VPN configuration, why would you choose default route VPN over split tunnel VPN? (Select one.)

  • A. Default route VPN allows your Firebox to examine all remote user traffic
  • B. Default route VPN uses less bandwidth
  • C. Default route VPN uses less processing power
  • D. Default route VPN automatically allows dynamic NAT

Suggested Answer: D

Comments

Arjjra
1 year, 11 months ago
This answer is incorrect. Should be answer A.
Internet Access Options for Mobile VPN Users
For Mobile VPN with IPSec and Mobile VPN with SSL, you have two options for Internet access for your Mobile VPN users:
Force all client traffic through tunnel (default-route VPN)
The most secure option is to require that all remote user Internet traffic is routed through the VPN tunnel to the Firebox. Then, the traffic is sent back out to the Internet. With this configuration (known as default-route VPN), the Firebox is able to examine all traffic and provide increased security, although it uses more processing power and bandwidth.
Allow direct access to the Internet (split tunnel VPN)
Another configuration option is to enable split tunneling. With this option, your users can browse the Internet, but Internet traffic is not sent through the VPN tunnel. Split tunneling improves network performance, but decreases security because the policies you create are not applied to the Internet traffic. If you use split tunneling, we recommend that each client computer have a software firewall.
upvoted 11 times
...
Tejen
1 year, 2 months ago
When you use default-route VPN, a dynamic NAT policy must include the outgoing traffic from the remote network. This allows remote users to browse the Internet when they send all traffic to the Firebox.
upvoted 1 times
...
Maik
1 year, 2 months ago
Answer A is correct
upvoted 6 times
...
Thresmonkey
9 months, 2 weeks ago
"Default-route is the most secure option because it routes all Internet traffic from a remote user through the VPN tunnel to the Firebox. Then, the traffic is sent back out to the Internet. With this configuration, the Firebox can examine all traffic and provide increased security. Be aware that this option requires more processing power and bandwidth."
upvoted 2 times
...
KiwiTech
8 months ago
A is the correct answer
upvoted 4 times
...
mmamlouk
6 months, 3 weeks ago
I think the Answer is A
upvoted 4 times
...
CD990
4 months, 4 weeks ago
A is the correct answer. Some firewall vendors call this "Full Tunnel", meaning all traffic is routed via the VPN to the firewall for inspection. Split tunnel is where only LAN-based traffic is routed to the firewall; Internet-destined traffic doesn't enter the VPN. A is correct.
upvoted 1 times
...
payzey
4 months, 3 weeks ago
A: Default route VPN allows your Firebox to examine all remote user traffic
Default-route (full tunnel) is the most secure option because it routes all Internet traffic from a remote user through the VPN tunnel to the Firebox. Then, the traffic is sent back out to the Internet. With this configuration, the Firebox can examine all traffic and provide increased security. Be aware that this option requires more processing power and bandwidth.
If you select Routed VPN traffic in the Mobile VPN with SSL configuration, and you do not force all client traffic through the tunnel (split-tunnel), you must configure the allowed resources for the SSL VPN users. If you select Specify allowed resources or Allow access to all Trusted, Optional and Custom networks, only traffic to those resources is sent through the VPN tunnel. All other traffic goes directly to the Internet and the network that the remote SSL VPN user is connected to. This option can affect your security because any traffic sent to the Internet or the remote client network is not encrypted or subject to the policies you configured on the Firebox.
upvoted 1 times
...
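
The routing difference the comments above describe, as an added example that is not part of the original discussion or any WatchGuard code: a longest-prefix route lookup over two constructed client route tables shows which destinations never reach the Firebox for inspection. The interface names (`tun0`, `eth0`), all addresses, and the 10.0.1.0/24 allowed resource are assumptions.

```python
import ipaddress

# Constructed client route tables: (destination prefix, egress interface).
# "tun0" = VPN tunnel to the Firebox, "eth0" = the user's local network (assumed names).
FULL_TUNNEL = [
    ("0.0.0.0/0", "tun0"),        # default route points into the tunnel
    ("203.0.113.10/32", "eth0"),  # outer tunnel packets to the Firebox itself
]
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "eth0"),        # default route stays on the local network
    ("10.0.1.0/24", "tun0"),      # only the allowed resource uses the tunnel
]

# Constructed destinations: one internal server, two Internet hosts.
FLOWS = ["10.0.1.25", "198.51.100.7", "192.0.2.80"]


def egress_interface(dst, routes):
    """Pick the egress interface by longest-prefix match, as an IP stack does."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]


def bypasses_firebox(destinations, routes, tunnel_if="tun0"):
    """Destinations whose traffic never enters the tunnel, so no Firebox policy sees it."""
    return [d for d in destinations if egress_interface(d, routes) != tunnel_if]


def is_default_route_vpn(routes, tunnel_if="tun0"):
    """True when the 0.0.0.0/0 route itself points into the tunnel."""
    for prefix, iface in routes:
        if ipaddress.ip_network(prefix).prefixlen == 0:
            return iface == tunnel_if
    return False


if __name__ == "__main__":
    for name, table in (("default-route", FULL_TUNNEL), ("split-tunnel", SPLIT_TUNNEL)):
        print(name, "uninspected:", bypasses_firebox(FLOWS, table))
```
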
Satornjkk
2 months, 1 week ago
A. Enforcing all user traffic means the Firebox can filter, log, and inspect it as well.
upvoted 1 times
...
