Palo Alto Networks Certified Strata Field Engineer (PCSFE) — Question 94
After configuring a new software VM-Series firewall, the network team cannot detect any traffic being transmitted or received on the correct VLAN of the network switch. However, they are able to ping the management IP. Which two actions should be taken to troubleshoot this issue? (Choose two.)
Answer options
- A. Use tcpdump.
- B. Debug flow create.
- C. Check the port groups and port mapping on the hypervisor.
- D. Show counter global filter.
Correct answer: A, C
Explanation
Using tcpdump (option A) allows for capturing and analyzing the network packets, which can help identify any traffic issues. Checking the port groups and port mapping on the hypervisor (option C) ensures that the VM is correctly connected to the appropriate VLAN. The other options, while useful in different scenarios, do not directly address the issue of traffic not being detected on the VLAN.