Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 618
A user's traffic traversing a Palo Alto Networks NGFW can sometimes reach http://www.company.com. At other times the session times out. The NGFW has been configured with a PBF rule that the user's traffic matches when it goes to http://www.company.com.
How can the firewall be configured to automatically disable the PBF rule if the next hop goes down?
Answer options
- A. Create and add a Monitor Profile with an action of Wait Recover in the PBF rule in question.
- B. Create and add a Monitor Profile with an action of Fail Over in the PBF rule in question.
- C. Enable and configure a Link Monitoring Profile for the external interface of the firewall.
- D. Configure path monitoring for the next hop gateway on the default route in the virtual router.
Correct answer: B
Explanation
The correct answer is B: adding a Monitor Profile with a Fail Over action to the PBF rule lets the firewall automatically disable the rule if the next hop goes down, so traffic is not routed incorrectly. Option A's Wait Recover action does not disable the rule, while options C and D do not directly relate to the PBF rule's operational state in this context.