nerdexam
Palo_Alto_Networks

PCNSE6 · Question #92

PCNSE6 Question #92: Real Exam Question with Answer & Explanation

The correct answer is C. Update the IPSEC Crypto profile for the Vendor IPSec Tunnel from no-pfs to group2.. See the full explanation below for the reasoning.

Question

After migrating from an ASA firewall, the VPN connection between a remote network and the Palo Alto Networks firewall is not establishing correctly. The following entry is appearing in the logs: pfs group mismatched: my:0 peer:2 Which setting should be changed on the Palo Alto Firewall to resolve this error message?

Options

  • AUpdate the IPSEC Crypto profile for the Vendor IPSec Tunnel from group2 to no-pfs.
  • BUpdate the IKE Crypto profile for the Vendor IKE gateway from no-pfs to group2.
  • CUpdate the IPSEC Crypto profile for the Vendor IPSec Tunnel from no-pfs to group2.
  • DUpdate the IKE Crypto profile for the Vendor IKE gateway from group2 to no-pfs.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full PCNSE6 Practice