Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 4

An administrator needs to implement an NGFW between their DMZ and Core network. EIGRP Routing between the two environments is required.
Which interface type would support this business requirement?

Answer options

• A. Virtual Wire interfaces to permit EIGRP routing to remain between the Core and DMZ
• B. Layer 3 or Aggregate Ethernet interfaces, but configuring EIGRP on subinterfaces only
• C. Tunnel interfaces to terminate EIGRP routing on an IPsec tunnel (with the GlobalProtect License to support LSVPN and EIGRP protocols)
• D. Layer 3 interfaces, but configuring EIGRP on the attached virtual router

Correct answer: A

Explanation

The correct answer is A because Virtual Wire interfaces allow for the transparent passage of traffic between the Core and DMZ without altering the packets, which is necessary for EIGRP routing. Options B and D would not support EIGRP routing appropriately in this setup, as they involve subinterfaces or virtual routers that could complicate the routing process. Option C is incorrect because Tunnel interfaces are not needed for direct communication between the DMZ and Core in this scenario.