Checkpoint 156-315.81 Practice Test - Questions Answers, Page 32

The default port for the Gaia WebUI Portal is HTTPS 443. This is the standard port for secure web communication over SSL/TLS. Changing the port may cause inconsistency with the settings on the SmartConsole and is not recommended unless necessary. To change the port, you can use the CLISH commandset web ssl-port and save the configuration.

Reference:13

This VPN routing option uses VPN routing for every connection a satellite gateway handles, regardless of the destination. This means that all traffic from the satellite gateway will go through the VPN tunnel to the center gateway, and then be routed to the appropriate destination, whether it is another satellite, the Internet, or another VPN target. This option provides the highest level of security and control, but also consumes more bandwidth and processing power.

The CLISH command to change the default Gaia WebUI Portal port number isset web ssl-port <new port number>. This command will change the port that the WebUI listens on for HTTPS connections. After changing the port, you need to save the configuration withsave configand verify that the change was applied withshow web ssl-port. You also need to update the Main URL in the Platform Portal section of the gateway object in SmartConsole and install the policy.

The correct address to access the Web UI for Gaia platform via browser is https://<Device_IP_Adress>. This will open the Gaia Portal login page, where you can enter your username and password to access the Gaia configuration options. By default, the Web UI listens on port 443 for HTTPS connections, but you can change it using the CLISH commandset web ssl-port .

The Hit Count feature allows tracking the number of connections that each rule matches, regardless of the Track option set for the rule. When you enable Hit Count, the Security Management Server collects the data from supported Security Gateways and displays it in SmartConsole. You can use the Hit Count feature to optimize your rule base by identifying unused or rarely used rules, or rules that match too many connections.

Permanent VPN tunnels can be set on all tunnels in the community, on all tunnels for specific gateways, or on specific tunnels in the community. Permanent VPN tunnels are always active and prevent VPN tunnel negotiation failures due to idle time or traffic volume. You can configure permanent VPN tunnels in SmartConsole by selecting the Permanent Tunnel option in the VPN Community Properties window.

In a Distributed Environment, a Central License can be installed via CLI on a Security Gateway using the CPLIC command. The CPLIC command allows you to add, delete, or list Central Licenses on a Security Gateway from the command line. You need to provide the IP address of the Security Management Server and the license string as parameters for the CPLIC command.

A star VPN community is a type of VPN community that allows a central gateway to create VPN tunnels with multiple satellite gateways or hosts, but does not allow satellite gateways or hosts to create VPN tunnels with each other. This type of community is suitable for hub-and-spoke topologies, where the central gateway acts as the hub and the satellite gateways or hosts act as the spokes. The central gateway can initiate or terminate VPN traffic to any satellite member, but the satellite members can only initiate or terminate VPN traffic to the central gateway.

When a packet arrives at the gateway, the gateway checks it against the rules in the top Policy Layer, sequentially from top to bottom, and enforces the first rule that matches the packet. The order of rule enforcement depends on the action of the matching rule. If the action is Accept, the gateway allows the packet to pass through the gateway, but also continues to check rules in the next Policy Layer down. If the action is Drop, Reject, or Encrypt, the gateway applies that action to the packet and stops checking rules in that Policy Layer and any subsequent Policy Layers. If there is no matching rule in a Policy Layer, the gateway applies the Implicit Clean-up Rule for that Policy Layer, which is usually Drop.