NGFW-ENGINEER · Question #23
NGFW-ENGINEER Question #23: Real Exam Question with Answer & Explanation
The correct answer is A: Suspend the active firewall to trigger a failover to the passive firewall. With traffic now running on. In an active/passive HA setup, the recommended process for upgrading involves minimizing downtime and ensuring traffic continuity by using the failover process: Suspend the active firewall: This triggers a failover to the passive unit, making it the active unit. Upgrade the forme
Question
An administrator plans to upgrade a pair of active/passive firewalls to a new PAN-OS release. The environment is highly sensitive, and downtime must be minimized. What is the recommended upgrade process for minimal disruption in this high availability (HA) scenario?
Options
- ASuspend the active firewall to trigger a failover to the passive firewall. With traffic now running on
- BShut down the currently active firewall and upgrade it offline, allowing the passive firewall to
- CIsolate both firewalls from the production environment and upgrade them in a separate, offline
- DPush the new PAN-OS version simultaneously to both firewalls, having them upgrade and reboot
Explanation
In an active/passive HA setup, the recommended process for upgrading involves minimizing downtime and ensuring traffic continuity by using the failover process: Suspend the active firewall: This triggers a failover to the passive unit, making it the active unit. Upgrade the former passive (now active) unit: With traffic now running on the previously passive unit, upgrade the suspended unit while the active unit continues handling traffic. Confirm proper operation: Once the upgrade is complete, verify that the upgraded unit is functioning properly. Fail traffic back: Once the upgraded firewall is confirmed to be working, fail the traffic back to the original active unit and upgrade the remaining firewall.
Topics
Community Discussion
No community discussion yet for this question.