Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 404

An engineer discovers the management interface is not routable to the User-ID agent.

What configuration is needed to allow the firewall to communicate to the User-ID agent?

Answer options

• A. Add a Policy Based Forwarding (PBF) policy to the User-ID agent IP
• B. Create a NAT policy for the User-ID agent server
• C. Create a custom service route for the UID Agent
• D. Add a static route to the virtual router

Correct answer: C

Explanation

The correct answer is C because creating a custom service route for the UID Agent allows the firewall to properly direct traffic to the User-ID agent. Options A and B do not address the direct need for service routing, while D involves static routing that may not resolve the communication issue specific to the User-ID agent.