nerdexam
Palo_Alto_Networks

NETSEC-GENERALIST · Question #51

Which action is only taken during slow path in the NGFW policy?

The correct answer is B. SSL/TLS decryption. Palo Alto NGFW processing is divided into two paths. The 'fast path' (hardware-offloaded forwarding plane) handles subsequent packets of an already-established and classified session - including session lookup (A), Layer 2–4 processing (C), and security policy lookup (D), all of

NGFW Traffic Flow and Processing

Question

Which action is only taken during slow path in the NGFW policy?

Options

  • ASession lookup
  • BSSL/TLS decryption
  • CLayer 2-Layer 4 firewall processing
  • DSecurity policy lookup

How the community answered

(36 responses)
  • A
    3% (1)
  • B
    94% (34)
  • D
    3% (1)

Explanation

Palo Alto NGFW processing is divided into two paths. The 'fast path' (hardware-offloaded forwarding plane) handles subsequent packets of an already-established and classified session - including session lookup (A), Layer 2–4 processing (C), and security policy lookup (D), all of which occur for the first packet in the slow path and are then cached. SSL/TLS decryption (B) is performed only in the slow path because it requires full Layer 7 inspection, certificate handling, and proxy processing - work that cannot be offloaded to hardware fast-path forwarding. It must be re-evaluated for each new session but always through the slow path software processing pipeline.

Topics

#Palo Alto NGFW#Packet Processing#Fast Path#Slow Path

Community Discussion

No community discussion yet for this question.

Full NETSEC-GENERALIST Practice