Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 375
An administrator has two pairs of firewalls within the same subnet. Both pairs of firewalls have been configured to use High Availability mode with Active/Passive. The ARP tables for upstream routers display the same MAC address being shared for some of these firewalls.
What can be configured on one pair of firewalls to modify the MAC addresses so they are no longer in conflict?
Answer options
- A. Change the interface type on the interfaces that have conflicting MAC addresses from L3 to VLAN.
- B. On one pair of firewalls, run the CLI command: set network interface vlan arp.
- C. Change the Group IDs in the High Availability settings to be different from the other firewall pair on the same subnet.
- D. Configure a floating IP between the firewall pairs.
Correct answer: C
Explanation
The correct answer is C. In Active/Passive HA, PAN-OS derives the virtual MAC addresses of a pair's interfaces from the HA Group ID, so two pairs on the same subnet that share a Group ID present the same MAC addresses upstream. Changing the Group ID on one pair gives each pair a unique identifier and removes the conflict. The other options do not address the underlying cause of the MAC address conflict: they either change the interface type or do not modify the High Availability configuration sufficiently.