NGFW-ENGINEER · Question #9
NGFW-ENGINEER Question #9: Real Exam Question with Answer & Explanation
The correct answer is A: To forward packets to the HA peer during session setup and asymmetric traffic flow. The HA3 interface, a Layer 2 link using MAC-in-MAC encapsulation, enables packet forwarding between active/active firewalls to handle asymmetric routing and ensure proper session setup when traffic arrives at the non-owner peer.
Question
In an active/active high availability (HA) configuration with two PA-Series firewalls, how do the firewalls use the HA3 interface?
Options
- ATo forward packets to the HA peer during session setup and asymmetric traffic flow
- BTo exchange hellos, heartbeats, HA state information, and management plane synchronization
- CTo synchronize sessions, forwarding tables, IPSec security associations, and ARP tables
- DTo perform session cache synchronization among all HA peers having the same cluster ID
Explanation
The HA3 interface, a Layer 2 link using MAC-in-MAC encapsulation, enables packet forwarding between active/active firewalls to handle asymmetric routing and ensure proper session setup when traffic arrives at the non-owner peer.
Topics
Community Discussion
No community discussion yet for this question.