Question 36
As shown in the figure below, a company uses a USG6600 firewall as its egress device. The company has two egress links, and carrier A and carrier B share the egress load. When deploying the firewall, the engineer added both egress interfaces to the untrust zone. Users are placed in the trust zone and source NAT mapping is configured. After the deployment, some users can access the Internet normally, while others have very slow access and sometimes cannot access the Internet at all.
[USG] display firewall session table verbose
http VPN: public --> public
Zone: trust --> untrust TTL: 00:00:10 Left: 00:00:08
Interface: GigabitEthernet0/0/0 Nexthop: 41.134.5.49 MAC: F0-DE-F1-69-26-91
<--packets: 9 bytes: 364 -->packets: 9 bytes: 364
10.16.1.20:5246 [41.134.5.52:5246] --> 16.8.3.8:80
http VPN: public --> public
Zone: trust --> untrust TTL: 00:10:00 Left: 00:09:59
Interface: GigabitEthernet0/0/1 Nexthop: 41.160.30.65 MAC: 00-21-97-cf-22-38
<--packets: 4 bytes: 238 -->packets: 14 bytes: 1640
10.16.1.122:3745 [41.134.5.52:3745] --> 2.2.2.2:80
[USG] display ip routing-table
20:56:07 2012/09/30
Route Flags: R - relay, D - download to fib
Routing Tables: Public
Destinations: 5 Routes: 5
Destination/Mask    Proto   Pre  Cost  Flags  NextHop
0.0.0.0/0           Static  60   0     RD     41.134.5.49
0.0.0.0/0           Static  60   0     RD     41.160.30.65
10.16.1.1/24        Direct  0    0     D      127.0.0.1
127.0.0.0/8         Direct  0    0     D      127.0.0.1
127.0.0.1/32        Direct  0    0     D      127.0.0.1
Based on the above information, please determine which of the following descriptions is correct?

Question 37
The IPsec status information of a network is as follows:
[USG A] display ike sa
current ike sa number: 2
-------------------------------------------------- -------------------------------------
conn-id peer flag phase vpn
-------------------------------------------------- --------------------------------------
40006 <unnamed> NONE v1:2 public
40004 1.1.1.2 RD|ST v1:2 public
2012-08-08 15:05:15 USG %%01IKE/4/WARNING (I): phase2: proposal or pfs dh-group up mismatch, please check ipsec proposal and pfs dh-group configuration.
*0.1921499990 USG IKE/7/DEBUG: got NOTIFY of type NO_PROPOSAL_CHOSEN
Which of the following options is a possible cause of failure?
Question 38
USGA G0/0/2 (30.1.1.2) ----------------------------- (30.1.1.1) G0/0/2 USGB
A network adopts the above topology and establishes BFD with USGA and USGB, but it is found that the BFD session cannot be Up. The most probable cause is:
<USGA> display bfd session all
-------------------------------------------------- -------------------------------------------------- -------------
Local Remote Peer IP Address Interface Name State Type
-------------------------------------------------- -------------------------------------------------- ------------
60 20 30.1.1.1 GigabitEthernet0/0/2 Down Static
-------------------------------------------------- -------------------------------------------------- ------------
<USGB> display bfd session all
-------------------------------------------------- -------------------------------------------------- -------------
Local Remote Peer IP Address Interface Name State Type
-------------------------------------------------- -------------------------------------------------- ------------
60 20 30.1.1.2 GigabitEthernet0/0/2 Down Static
-------------------------------------------------- -------------------------------------------------- ------------
Question 39
When the firewall runs GRE, which three parameters must be configured on the tunnel interface?
Question 40
When a user performs 802.1x authentication through a laptop, which resources can only be accessed when the security check fails?

