Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 512

The Aggregate Ethernet interface is showing down on a passive PA-7050 firewall of an active/passive HA pair. The HA Passive Link State is set to "Auto" under
Device > High Availability > General > Active/Passive Settings. The AE interface is configured with LACP enabled and is up only on the active firewall.
Why is the AE interface showing down on the passive firewall?

Answer options

• A. It does not participate in LACP negotiation unless Fast Failover is selected under the Enable LACP selection on the LACP tab of the AE Interface.
• B. It does not perform pre-negotiation LACP unless "Enable in HA Passive State" is selected under the High Availability Options on the LACP tab of the AE Interface.
• C. It performs pre-negotiation of LACP when the mode Passive is selected under the Enable LACP selection on the LACP tab of the AE Interface.
• D. It participates in LACP negotiation when Fast is selected for Transmission Rate under the Enable LACP selection on the LACP tab of the AE Interface.

Correct answer: B

Explanation

The correct answer is B because the AE interface on the passive firewall does not engage in LACP pre-negotiation unless the 'Enable in HA Passive State' option is selected. Options A, C, and D are incorrect as they do not address the requirement for enabling LACP in a passive HA state, which is critical for LACP negotiation to occur.