Based on the shown security policy, which Security policy rule would match all FTP traffic from the inside zone to the outside zone?
Based on the shown security policy, which Security policy rule would match all FTP traffic from the inside zone to the outside zone?
The appropriate rule that matches all FTP traffic from the inside zone to the outside zone is 'egress-outside'. This rule specifies that traffic from the inside zone to the outside zone, for any address, and for any application and service, should be allowed. Unlike the 'inside-portal' rule which specifies a particular destination IP, the 'egress-outside' rule has no such restriction, making it suitable for matching all FTP traffic as required by the question.
D it's correct, because 203.0.113.0/24 it's a reserved/special use address (TEST-NET-3. RFC 5737) so it can't stay in an outside zone.
it's about ALL the traffic, so D is the correct answer
The only option that matches "ALL" FTP traffic from Inside to Outside
correct
I mean, technically inside-portal would match any FTP traffic first to the outside zone, even if the destination address is defined.
Yup, the question doesn't ask about dst IP so I think C is correct.
But it does say "Match ALL ftp traffic" (not "any") which the Inside-portal would not match all the ftp traffic, just the FTP traffic destined to that specific IP.
RTFM...
D it's correct, because 203.0.113.0/24 it's a reserved/special use address (TEST-NET-3. RFC 5737) so it can't stay in an outside zone.
D it's correct, because 203.0.113.0/24 it's a reserved/special use address (TEST-NET-3. RFC 5737) so it can't stay in an outside zone.
egress-outsid. source and destination zone possuem any + any aplication e application-default service, action allow. Então é "D"
Can someone explain why it is not D? If it say "any" FTP traffic wouldnt it have to be D since C would only match FTP traffic destined to that specific IP. Is that not correct?
Correction, it says "ALL" FTP traffic. Wouldn't D be the first policy that allows "ALL" FTP traffic?