Palo Alto Networks Certified Network Security Consultant (PCNSC) — Question 3

Your customer wants to implement Active/Active High Availability for their PA-5260 pair. The following conditions are true in their environment:
-They are using multiple Layer 3 interfaces to process traffic.
-Their routing topology requires the use of Network Address Translation policies to ensure that traffic can reach its destinations correctly.
-They prefer to have the session workload distributed as evenly as possible to ensure both firewalls have lower resource utilization.
-They make use of dynamic routing protocols on their virtual routers for route-based redundancy.
-They chose to go with Active/Active for failover speed reasons.
Which three of the following HA configurations should your customer ensure they use to meet these requirements? (Choose three.)

Answer options

• A. HA1A, HA1B, and HA2 interfaces
• B. HA1A, HA1B, HA2, and HA3 interfaces
• C. Session selection algorithm – Primary Device
• D. Active/Active HA Binding in the NAT policies
• E. Session selection algorithm – First Packet

Correct answer: B, D, E

Explanation

The correct answer includes B, D, and E because these configurations support the requirements outlined by the customer. Option B provides the necessary interfaces for Active/Active setup, D ensures that NAT policies are appropriately set for Active/Active binding, and E facilitates session distribution. Options A and C do not meet all the specified conditions for the customer's environment.