Palo Alto Networks NGFW Engineer — Question 23
Which two statements apply to configuring required security rules when setting up an IPSec tunnel between a Palo Alto Networks firewall and a third-party gateway? (Choose two.)
Answer options
- A. For incoming and outgoing traffic through the tunnel, creating separate rules for each direction is optional.
- B. The IKE negotiation and IPSec/ESP packets are allowed by default via the intrazone default allow policy.
- C. For incoming and outgoing traffic through the tunnel, separate rules must be created for each direction.
- D. The IKE negotiation and IPSec/ESP packets are denied by default via the interzone default deny policy.
Correct answer: A, B
Explanation
The correct answers are A and B because it is not mandatory to create separate rules for each direction of traffic through the tunnel, and the intrazone default allow policy permits IKE and IPSec packets by default. Options C and D are incorrect as they misrepresent the default policies and requirements for rule creation in this context.