You are configuring the intrusion prevention service (IPS) feature on Cloud Next Generation Firewall Enterprise. You deployed your firewall endpoints and you need to inspect the traffic of the VMs. What should you do?
A. Configure Packet Mirroring to match the source/destination IP addresses of the VMs.
B. Configure a firewall rule to match the source/destination IP addresses of the VMs, and use the goto_next action.
C. Configure a firewall rule to match the hostnames of the VMs, and use the apply_security_profile_group action.
D. Configure a firewall rule to match the source/destination IP addresses of the VMs, and use the apply_security_profile_group action.
First, let me say that D is acceptable. But, I would typically want to manage resources by their hostname and not their IP addresses. D may be right. Just wanted to make the case for C. If someone can point out why I'm wrong, I would appreciate it.
D is correct.
Security profiles help you define Layer 7 inspection policy for your Google Cloud resources. They are generic policy structures that are used by firewall endpoints to scan intercepted traffic to provide application Layer services, such as intrusion prevention.
Continued: The NGFW endpoint inspects the traffic using the security profiles and applies actions such as blocking, alerting, or allowing based on configured threat severity levels.
When a firewall rule is configured with apply_security_profile_group, matched traffic is redirected to the Cloud NGFW endpoint along with the specified security profile group.
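As an added example (not part of this thread or of Google's documentation), the gcloud sequence that implements answer D: traffic is selected by source/destination IP range, never by hostname, and handed to the deployed firewall endpoints through apply_security_profile_group. The organization id, policy name, VM subnet and the profile/group names are placeholders I chose; the flags are the gcloud CLI ones as I know them, so check them against your SDK's reference before applying.

```shell
#!/bin/sh
# Added example (not from the thread): configuration behind answer D.
# Traffic is matched on IP ranges and redirected to the firewall endpoint
# with a security profile group. Firewall endpoints are assumed to be
# deployed and associated with the VPC already.
ORG_ID="${ORG_ID:-123456789012}"           # placeholder organization id
POLICY="${POLICY:-ngfw-enterprise-policy}" # existing global network firewall policy
VM_RANGE="${VM_RANGE:-10.10.0.0/24}"       # constructed subnet holding the inspected VMs
GCLOUD="${GCLOUD:-gcloud}"                 # set GCLOUD=echo to dry-run

PROFILE="organizations/$ORG_ID/locations/global/securityProfiles/ips-profile"
GROUP="organizations/$ORG_ID/locations/global/securityProfileGroups/ips-group"

configure_ips_inspection() {
  # 1. Threat-prevention security profile: the Layer 7 IPS policy.
  "$GCLOUD" network-security security-profiles threat-prevention create ips-profile \
    --organization="$ORG_ID" --location=global

  # 2. Severity-based override: block CRITICAL and HIGH threats instead of the default.
  "$GCLOUD" network-security security-profiles threat-prevention add-override ips-profile \
    --organization="$ORG_ID" --location=global \
    --severities=CRITICAL,HIGH --action=DENY

  # 3. Security profile group that the firewall rule will reference.
  "$GCLOUD" network-security security-profile-groups create ips-group \
    --organization="$ORG_ID" --location=global \
    --threat-prevention-profile="$PROFILE"

  # 4. Firewall rules matched on the VMs' IP range. apply_security_profile_group
  #    redirects matching flows to the firewall endpoint together with the group.
  "$GCLOUD" compute network-firewall-policies rules create 1000 \
    --firewall-policy="$POLICY" --global-firewall-policy \
    --direction=INGRESS --dest-ip-ranges="$VM_RANGE" \
    --layer4-configs=tcp:80,tcp:443 --enable-logging \
    --action=apply_security_profile_group --security-profile-group="$GROUP"

  "$GCLOUD" compute network-firewall-policies rules create 1001 \
    --firewall-policy="$POLICY" --global-firewall-policy \
    --direction=EGRESS --src-ip-ranges="$VM_RANGE" \
    --layer4-configs=all --enable-logging \
    --action=apply_security_profile_group --security-profile-group="$GROUP"
}

# Real gcloud calls only when invoked as: sh ips_inspection.sh apply
if [ "${1:-}" = "apply" ]; then
  configure_ips_inspection
fi
```

Run with GCLOUD=echo first to review the exact commands; a rule with goto_next (option B) or an IP-less hostname match (option C) never reaches the endpoint.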
D is right
rich_maverick, 3 weeks, 6 days ago
RKS_2021, 1 month, 2 weeks ago
b0b25, 1 month, 3 weeks ago
b0b25, 1 month, 3 weeks ago