Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 366

In an HA failover scenario what happens with sessions decrypted by a SSL Forward Proxy Decryption policy?

Answer options

• A. The existing session is transferred to the active firewall.
• B. The firewall drops the session.
• C. The session is sent to fastpath.
• D. The firewall allows the session but does not decrypt the session.

Correct answer: D

Explanation

In a high availability (HA) failover situation, the firewall will permit the session to continue but will not perform decryption, which is why option D is correct. Options A and C are incorrect because the session cannot transfer or be processed through fastpath during failover. Option B is also incorrect, as the session is not dropped but instead allowed without decryption.