Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 234

An administrator has been asked to configure active/active HA for a pair of firewalls. The firewalls use Layer 3 interfaces to send traffic to a single gateway IP for the pair.
Which configuration will enable this HA scenario?

Answer options

• A. The two firewalls will share a single floating IP and will use gratuitous ARP to share the floating IP.
• B. Each firewall will have a separate floating IP, and priority will determine which firewall has the primary IP.
• C. The firewalls do not use floating IPs in active/active HA.
• D. The firewalls will share the same interface IP address, and device 1 will use the floating IP if device 0 fails.

Correct answer: A

Explanation

The correct answer is A because sharing a single floating IP with gratuitous ARP allows both firewalls to handle traffic simultaneously in an active/active setup. Option B is incorrect as it describes an active/passive configuration, while C is wrong because floating IPs are indeed used in active/active HA. Option D incorrectly suggests a failover mechanism that does not apply to an active/active scenario.