Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 598

A firewall has Security policies from three sources:
1. locally created policies
2. shared device group policies as pre-rules
3. the firewall's device group as post-rules
How will the rule order populate once pushed to the firewall?

Answer options

• A. shared device group policies, local policies, firewall device group policies
• B. firewall device group policies, local policies, shared device group policies
• C. local policies, firewall device group policies, shared device group policies
• D. shared device group policies, firewall device group policies, local policies

Correct answer: A

Explanation

The correct answer is A because the order of policy evaluation on the firewall starts with shared device group policies, followed by local policies, and concludes with the firewall device group policies. The other options misorder the sequence, which is crucial for understanding how the firewall processes its rules.