NGFW-ENGINEER · Question #80
NGFW-ENGINEER Question #80: Real Exam Question with Answer & Explanation
Sign in or unlock NGFW-ENGINEER to reveal the answer and full explanation for question #80. The question stem and answer options stay visible for context.
Question
A network administrator is establishing a site-to-site VPN between a Palo Alto Networks firewall and a partner's Check Point Security Gateway. The partner has provided a specific list of local and remote IP address subnets that are permitted through the tunnel. The initial tunnel configuration on the PAN-OS firewall fails during the IKE Phase 2 exchange. Which configuration step is essential to ensure compatibility with the policy-based Check Point gateway?
Options
- ADefine the local and remote subnets provided by the partner in the Proxy ID settings.
- BCreate individual Security policies for each pair of local and remote subnets.
- CAssign a specific IP address to the tunnel interface to match the Check Point gateway.
- DEnable Dead Peer Detection (DPD) in the IKE Gateway configuration.
Unlock NGFW-ENGINEER to see the answer
You've previewed enough free NGFW-ENGINEER questions. Unlock NGFW-ENGINEER for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.