An organization runs multiple Kubernetes clusters both on-premises and in public clouds (AWS, Azure, GCP). They want to deploy the Palo Alto Networks CN-Series NGFW to secure east-west traffic within each cluster, maintain consistent Security policies across all environments, and dynamically scale as containerized workloads spin up or down. They also plan to use a centralized Panorama instance for policy management and visibility.
Which approach meets these requirements?
How does a Palo Alto Networks firewall choose the best route when it receives routes for the same destination from different routing protocols?
Which CLI command is used to configure the management interface as a DHCP client?
Which two statements describe an external zone in the context of virtual systems (VSYS) on a Palo Alto Networks firewall? (Choose two.)
An administrator is configuring a site-to-site IPSec VPN and assigns an IP address to the tunnel interface.
Which two abilities are enabled by this specific configuration step? (Choose two.)
A PA-Series firewall with all licensable features is being installed. The customer’s Security policy requires that users do not directly access websites. Instead, a security device must create the connection, and there must be authentication back to the Active Directory servers for all sessions.
Which action meets the requirements in this scenario?
When configuring a physical interface on a Palo Alto Networks firewall, which IP-based service is only available if the interface is set to Layer 3 mode?
A firewall administrator needs to configure a new Palo Alto Networks firewall so that its management interface automatically obtains an IP address, netmask, and default gateway from the network.
Which command should be executed in the CLI to accomplish this goal?
In a Palo Alto Networks environment, GlobalProtect has been enabled using certificate-based authentication for both users and devices. To ensure proper validation of certificates, one or more certificate profiles are configured.
What function do certificate profiles serve in this context?