Palo Alto Networks NGFW Engineer — Question 40

Which statement applies to the relationship between Panorama-pushed Security policy and local firewall Security policy?

Answer options

• A. When a policy match is found in a local firewall policy, if any Panorama shared post-rule is configured, it will still be evaluated.
• B. Local firewall rules are evaluated after Panorama pre-rules and before Panorama post-rules.
• C. Panorama post-rules can be configured to be evaluated before local firewall policy for the purpose of troubleshooting.
• D. The order of policy evaluation can be configured differently in different device groups.

Correct answer: B

Explanation

The correct answer is B because local firewall rules are indeed evaluated in the specified order, ensuring that Panorama's pre-rules are applied first. Option A is incorrect as local matches do not influence the evaluation of shared post-rules. Option C is not accurate since Panorama post-rules are meant to be evaluated after local policies. Option D is misleading as the order of evaluation is consistent and not configured differently across device groups.