I think the keywords here are "AFTER the connection is allowed.." which I'm assuming means the traffic matches a SecureXL "Accept Template"
Looking at the default output of the command "fwaccel templates" in the below link, you can see that Source IP, Dest IP, DPort, and PR (protocol?) are listed. SPort has a * value.
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_CLI_ReferenceGuide/Topics-CLIG/PTG/SecureXL/fwaccel-templates.htm
I think the correct answer is A.
As we have seen in the packet acceleration, the first packet of each connection
has to go through the F2F path and then the connection gets offloaded to the
SecureXL. The connection rate acceleration works by processing the first
packet of a connection within SecureXL and not sending it to the Firewall.
This is possible with help of templates (explained below) which identifies the
allowable connections by 4 attributes:
Source address
Destination address
Destination port
Protocol
If a connection with these four attributes has been allowed by the Firewall
previously, then it will continue to allow more connections with the same four
attributes. unless:
The policy has been updated
The policy includes source port restriction
The service uses dynamically mapped ports. e.g. RPC-DCOM
upvoted 4 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
McBeano
1 year, 4 months agorabbirobert
1 year, 5 months agolalaliano
1 year, 8 months agovgs2023
1 year, 8 months agoGab_agl
1 year, 9 months ago