Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 193

What happens when an A/P firewall cluster synchronizes IPsec tunnel security associations (SAs)?

Answer options

• A. Phase 2 SAs are synchronized over HA2 links.
• B. Phase 1 and Phase 2 SAs are synchronized over HA2 links.
• C. Phase 1 SAs are synchronized over HA1 links.
• D. Phase 1 and Phase 2 SAs are synchronized over HA3 links.

Correct answer: A

Explanation

The correct answer is A because in an A/P firewall cluster, only the Phase 2 security associations (SAs) are synchronized over the HA2 links, which are designated for this purpose. Options B and D incorrectly suggest that Phase 1 SAs are synchronized over HA2 or HA3 links, while option C states that Phase 1 SAs use HA1 links, which is also incorrect in the context of this synchronization process.