PCNSE Question #292: Real Exam Question with Answer & Explanation
The correct answer is A: The two firewalls will share a single floating IP and will use gratuitous ARP to share the floating.
Question
An administrator has been asked to configure active/active HA for a pair of Palo Alto Networks NGFWs. The firewalls use Layer 3 interfaces to send traffic to a single gateway IP for the pair. Which configuration will enable this HA scenario?
Options
- A. The two firewalls will share a single floating IP and will use gratuitous ARP to share the floating
- B. Each firewall will have a separate floating IP, and priority will determine which firewall has the
- C. The firewalls do not use floating IPs in active/active HA.
- D. The firewalls will share the same interface IP address, and device 1 will use the floating IP if
Explanation
In an active/active HA deployment where downstream devices (routers, hosts) use a single gateway IP for the firewall pair, Palo Alto Networks uses a floating IP address that can be owned by either firewall at a given time. When a failover occurs, the firewall taking ownership of the floating IP sends a gratuitous ARP (GARP) to update the ARP tables of neighboring devices, ensuring traffic is directed to the now-active device without requiring any downstream reconfiguration. In active/active HA, both firewalls process traffic simultaneously, but the floating IP moves between them as needed to maintain consistent gateway reachability.