Palo Alto Networks SD-WAN Engineer — Question 13

A multinational company is deploying Prisma SD-WAN across North America, Europe, and Asia. The data centers in the North America region have served all regions, but regional policies are now being enforced that mandate each of the regions to build their own data centers and branch sites to only connect to their respective regional data centers.
How can this regionalization be achieved so that new or existing branch sites only build tunnels to the regional DC IONs?

Answer options

• A. Create a new cluster for each regional DC ION and move the sites from the existing cluster to the new cluster.
• B. Disable to auto-tunnel feature globally on the Prisma SD-WAN portal and manually create all necessary tunnels exclusively between IONs within their designated regions.
• C. Remove the circuit labels and apply new circuit labels for in-region circuits only.
• D. Assign WAN interfaces to distinct Virtual Routing and Forwarding (VRF) instances for each region on the DC IONs, ensuring that branches only connect to the WAN interfaces/VRFs designated for their region.

Correct answer: C

Explanation

The correct answer is C because removing the circuit labels and applying new ones for in-region circuits ensures that traffic is properly routed only within that region. Option A is incorrect as creating new clusters does not address the tunnel connections. Option B is not ideal since it disables a useful feature and requires a lot of manual configuration. Option D, while it manages routing, does not specifically address the circuit labeling needed for regional isolation.