NGFW-ENGINEER · Question #84
NGFW-ENGINEER Question #84: Real Exam Question with Answer & Explanation
The correct answer is B: Upgrade the passive firewall first while it is still in the passive state. Once it reboots and is. Upgrading the passive firewall first ensures there is no impact to live traffic. After the passive device is upgraded and operational, a controlled failover is performed so traffic moves to the upgraded firewall, and then the remaining firewall can be upgraded, achieving a zero-d
Question
A network security engineer at a 24/7 online retailer is upgrading an active/passive high availability (HA) cluster of PAN-OS firewalls. The primary goal is to perform the upgrade with no service interruption to online transactions. The engineer has already downloaded the new software to both devices. Which sequence of actions will meet this requirement?
Options
- AFrom Panorama, create a scheduled software update job targeting both firewalls in the HA pair to
- BUpgrade the passive firewall first while it is still in the passive state. Once it reboots and is
- CForce the active firewall into a suspended state to trigger a failover, then upgrade and reboot it.
- DDisable HA synchronization on the active firewall, upgrade the passive firewall, and then re-enable
Explanation
Upgrading the passive firewall first ensures there is no impact to live traffic. After the passive device is upgraded and operational, a controlled failover is performed so traffic moves to the upgraded firewall, and then the remaining firewall can be upgraded, achieving a zero-downtime upgrade process for an active/passive HA pair.
Topics
Community Discussion
No community discussion yet for this question.