156-215.80 · Question #208
What statement is true regarding Visitor Mode?
The correct answer is A. VPN authentication and encrypted traffic are tunneled through port TCP 443.. This question tests the specific behavior of Check Point's Visitor Mode, which enables VPN connectivity through restrictive firewalls by using TCP port 443.
Question
What statement is true regarding Visitor Mode?
Options
- AVPN authentication and encrypted traffic are tunneled through port TCP 443.
- BOnly ESP traffic is tunneled through port TCP 443.
- COnly Main mode and Quick mode traffic are tunneled on TCP port 443.
- DAll VPN traffic is tunneled through UDP port 4500.
How the community answered
(46 responses)- A89% (41)
- C4% (2)
- D7% (3)
Why each option
This question tests the specific behavior of Check Point's Visitor Mode, which enables VPN connectivity through restrictive firewalls by using TCP port 443.
Visitor Mode encapsulates all VPN traffic - including IKE authentication exchanges and encrypted IPsec data - inside a TCP 443 (HTTPS) tunnel. This allows remote access clients behind firewalls that permit only outbound HTTPS to establish a full VPN, since both the control and data plane are tunneled over the single allowed port.
Visitor Mode does not limit the tunnel to ESP traffic only - it encapsulates all VPN traffic including IKE negotiation, not just the encrypted payload packets.
Main mode and Quick mode are IKE negotiation phases, not a category of traffic that Visitor Mode selectively tunnels - the entire VPN session including these phases is encapsulated over TCP 443.
UDP port 4500 is used by NAT Traversal (NAT-T) to encapsulate IPsec traffic through NAT devices, which is a different mechanism entirely from Visitor Mode's TCP 443 tunneling.
Concept tested: Check Point Visitor Mode TCP 443 VPN tunneling
Source: https://sc1.checkpoint.com/documents/R77/CP_R77_RemoteAccessVPN_AdminGuide/html_frameset.htm
Topics
Community Discussion
No community discussion yet for this question.