Communication Between Vsys

Question 1

What is the name of a special type of zone that is associated with vsys and allows it to communicate with other vsys on a firewall without the need of the traffic leaving the firewall?

Answer 1

external

Question 2

What is external zone assoiciated with?

Answer 2

a specific virtual system that it can reach - the zone is external to the virtual system

Question 3

How many external zones can a vsys have?

Answer 3

only one, regardless of how many security zones the virtual system has within it

Question 4

Unlike security zones, an external zone is not associated with an interface, but with what object?

Answer 4

a virtual system

Question 5

Do external zones have interfaces or IP addresses associated with them?

Answer 5

no, therefore some zone protection profiles are not supported on external zones

Question 6

What is necessary to allow communication between vsys?

Answer 6

security policies

Question 7

How many sessions are used for communication between two virtual systems?

Answer 7

two

Question 8

A host from vsys1 needs to access a server on vsys2.
How are the two sessions established?

Answer 8

• host in the trust1 zone initiates traffic to the firewall, and the firewall creates the first session: source zone trust1 to destination zone untrust1; traffic is routed to vsys2, either internally or externally
• firewall creates a second session: source zone untrust2 to destination zone trust2