PCNSE · Question #792
PCNSE Question #792: Real Exam Question with Answer & Explanation
The correct answer is A: Add a route with next hop next-vr by using the VR configured in the virtual system.
Question
A network security engineer needs to ensure that virtual systems can communicate with one another within a Palo Alto Networks firewall. Separate virtual routers (VRs) are created for each virtual system. In addition to confirming security policies, which three configuration details should the engineer focus on to ensure communication between virtual systems? (Choose three.)
Options
- A. Add a route with next hop next-vr by using the VR configured in the virtual system.
- B. Layer 3 zones for the virtual systems that need to communicate.
- C. Add a route with next hop set to none, and use the interface of the virtual systems that need to
- D. Ensure the virtual systems are visible to one another.
- E. External zones with the virtual systems added.
Explanation
Three items are required for inter-vsys communication with separate Virtual Routers: (A) Each VR needs a static route with 'next hop: next-vr' pointing to the other vsys's VR, so the firewall knows to hand off traffic between routing domains. (D) Each vsys must be configured to 'allow' or be 'visible' to the other vsys under the vsys configuration, establishing mutual visibility. (E) External zones must be created in each vsys and associated with the other vsys to define the inter-vsys traffic entry and exit points. Layer 3 interfaces (B) and null-route next hops (C) are not the correct approach for this scenario.