Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 533

A network engineer is troubleshooting a VPN and wants to verify whether the decapsulation/encapsulation counters are increasing.
Which CLI command should the engineer run?

Answer options

• A. Show running tunnel flow lookup
• B. Show vpn flow name <tunnel name>
• C. Show vpn ipsec-sa tunnel <tunnel name>
• D. Show vpn tunnel name | match encap

Correct answer: B

Explanation

The correct answer is B, as the 'Show vpn flow name <tunnel name>' command directly provides the encapsulation and decapsulation counters for the specified tunnel. Options A, C, and D do not specifically focus on showing the counters for the encapsulation and decapsulation processes, making them less suitable for this task.