
Answer-first summary for fast verification
Answer: Place your NVAs behind an internal passthrough Network Load Balancer named ILB1. Add global network firewall policy rules to allow traffic through your NVAs. Create a policy-based route (PBR) with the source IP range of the frontend VM subnet, destination IP range of the backend VM subnet, and the next hop of ILB1. Scope the PBR to the VMs with the frontend network tag. Add a frontend network tag to your frontend servers.
The correct approach involves using Policy-Based Routing (PBR) to ensure that traffic from the frontend VMs to the backend VMs is routed through the Network Virtual Appliances (NVAs) for inspection. Option D accurately describes this setup by specifying a PBR with the source IP range of the frontend VM subnet, the destination IP range of the backend VM subnet, and the next hop as the internal passthrough Network Load Balancer (ILB1) behind which the NVAs are placed. This configuration is scoped to the VMs with the frontend network tag, ensuring that only traffic from the frontend VMs is redirected through the NVAs. The NVAs, configured as full network proxies with source NAT, will then inspect and forward the traffic to the backend VMs. This solution meets the compliance requirement by ensuring all traffic between the frontend and backend subnets is inspected by the NVAs without introducing unnecessary complexity or potential routing loops.
Author: LeetQuiz Editorial Team
How should you configure VPC routing to enable network virtual appliances (NVAs) to inspect traffic between frontend and backend subnets, given that the NVAs act as full network proxies with source NAT for allowed traffic, and all resources are within the same VPC?
A
Place your NVAs behind an internal passthrough Network Load Balancer named ILB1. Add the global network firewall policy rules to allow traffic through your NVAs. Create a policy-based route (PBR) with the source IP range of the backend VM subnet, destination IP range of the frontend VM subnet, and the next hop of ILB1. Scope the PBR to the VMs with the backend network tag. Add a backend network tag to your backend servers.
B
Place your NVAs behind an internal passthrough Network Load Balancer named ILB1. Add global network firewall policy rules to allow traffic through your NVAs. Create a custom static route with the destination IP range of the backend VM subnet, frontend instance tag, and the next hop of ILB1. Add a frontend network tag to your frontend VMs.
C
Create your NVA with multiple interfaces. Configure NIC0 for NVA in the backend subnet. Configure NIC1 for NVA in the frontend subnet. Place your NVAs behind an internal passthrough Network Load Balancer named ILB1. Add global network firewall policy rules to allow traffic through your NVAs. Create a custom static route with the destination IP range of the backend VM subnet, frontend instance tag, and the next hop of ILB1. Add a frontend network tag to your frontend VMs.
D
Place your NVAs behind an internal passthrough Network Load Balancer named ILB1. Add global network firewall policy rules to allow traffic through your NVAs. Create a policy-based route (PBR) with the source IP range of the frontend VM subnet, destination IP range of the backend VM subnet, and the next hop of ILB1. Scope the PBR to the VMs with the frontend network tag. Add a frontend network tag to your frontend servers.
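The packet walk below is an added example, not part of the original quiz. It uses a simplified model in which a PBR affects only packets sent by VMs carrying its tag and matching its source and destination ranges, and everything else is delivered directly by subnet routes. It shows why the frontend-scoped route in option D sends the request through ILB1 without looping, while the backend-scoped route in option A lets the request bypass the NVAs. The IP addresses, the `nva` tag, and all function names are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing (assumptions, not from the page).
FRONTEND_NET, BACKEND_NET = "10.0.1.0/24", "10.0.2.0/24"
FRONTEND_VM, BACKEND_VM, NVA = "10.0.1.10", "10.0.2.20", "10.0.3.5"

@dataclass(frozen=True)
class PolicyBasedRoute:
    src: str                # source range to match
    dst: str                # destination range to match
    tag: str                # network tag the route is scoped to
    next_hop: str = "ILB1"  # internal passthrough NLB in front of the NVAs

    def applies(self, sender_tags, src_ip, dst_ip):
        # The route is only evaluated for packets sent by VMs with its tag.
        return (self.tag in sender_tags
                and ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst))

def route_packet(pbr, sender_tags, src_ip, dst_ip):
    """Return the PBR next hop if the route applies, else 'direct' (subnet route)."""
    return pbr.next_hop if pbr.applies(sender_tags, src_ip, dst_ip) else "direct"

OPTION_D = PolicyBasedRoute(FRONTEND_NET, BACKEND_NET, tag="frontend")
OPTION_A = PolicyBasedRoute(BACKEND_NET, FRONTEND_NET, tag="backend")

def walk(pbr):
    """Next hop for each leg of one frontend-initiated connection."""
    return {
        "frontend -> backend (request)":
            route_packet(pbr, {"frontend"}, FRONTEND_VM, BACKEND_VM),
        # Source NAT: the forwarded packet carries the NVA address, and the
        # NVA has no frontend tag, so it is not sent back to ILB1 (no loop).
        "NVA -> backend (forwarded)":
            route_packet(pbr, {"nva"}, NVA, BACKEND_VM),
        # The backend answers the address it saw, which is the NVA.
        "backend -> NVA (reply)":
            route_packet(pbr, {"backend"}, BACKEND_VM, NVA),
        "NVA -> frontend (reply)":
            route_packet(pbr, {"nva"}, NVA, FRONTEND_VM),
    }

if __name__ == "__main__":
    for leg, hop in walk(OPTION_D).items():
        print(f"D  {leg:32} {hop}")
    # Under option A the first packet is never steered to the NVAs.
    print("A  frontend -> backend (request)   ",
          walk(OPTION_A)["frontend -> backend (request)"])
```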