NETSEC-GENERALIST · Question #51
Which action is only taken during slow path in the NGFW policy?
The correct answer is B. SSL/TLS decryption. Palo Alto NGFW processing is divided into two paths. The 'fast path' (hardware-offloaded forwarding plane) handles subsequent packets of an already-established and classified session - including session lookup (A), Layer 2–4 processing (C), and security policy lookup (D), all of
Question
Which action is only taken during slow path in the NGFW policy?
Options
- ASession lookup
- BSSL/TLS decryption
- CLayer 2-Layer 4 firewall processing
- DSecurity policy lookup
How the community answered
(36 responses)- A3% (1)
- B94% (34)
- D3% (1)
Explanation
Palo Alto NGFW processing is divided into two paths. The 'fast path' (hardware-offloaded forwarding plane) handles subsequent packets of an already-established and classified session - including session lookup (A), Layer 2–4 processing (C), and security policy lookup (D), all of which occur for the first packet in the slow path and are then cached. SSL/TLS decryption (B) is performed only in the slow path because it requires full Layer 7 inspection, certificate handling, and proxy processing - work that cannot be offloaded to hardware fast-path forwarding. It must be re-evaluated for each new session but always through the slow path software processing pipeline.
Topics
Community Discussion
No community discussion yet for this question.