NGFW-ENGINEER · Question #60
NGFW-ENGINEER Question #60: Real Exam Question with Answer & Explanation
The correct answer is B: Assign each interface to the appropriate Layer 2 zone and configure a policy that allows traffic. In a Layer 2 configuration, interfaces are typically grouped into the same Layer 2 zone. When the interfaces are assigned to the same VLAN, the firewall will treat them as part of the same broadcast domain. In a Layer 2 setup, interfaces must be in the same Layer 2 zone to allow
Question
An NGFW engineer is configuring multiple Layer 2 interfaces on a Palo Alto Networks firewall, and all interfaces must be assigned to the same VLAN. During initial testing, it is reported that clients located behind the various interfaces cannot communicate with each other. Which action taken by the engineer will resolve this issue?
Options
- AConfigure each interface to belong to the same Layer 2 zone and enable IP routing between
- BAssign each interface to the appropriate Layer 2 zone and configure a policy that allows traffic
- CAssign each interface to the appropriate Layer 2 zone and configure Security policies for
- DEnable IP routing between the interfaces and configure a Security policy to allow traffic between
Explanation
In a Layer 2 configuration, interfaces are typically grouped into the same Layer 2 zone. When the interfaces are assigned to the same VLAN, the firewall will treat them as part of the same broadcast domain. In a Layer 2 setup, interfaces must be in the same Layer 2 zone to allow the traffic within the same VLAN to pass. Additionally, a security policy must be configured to allow traffic within this VLAN or zone. This will resolve the issue by ensuring that traffic is permitted between clients behind different interfaces assigned to the same VLAN.
Topics
Community Discussion
No community discussion yet for this question.