Palo Alto Networks SD-WAN Engineer — Question 9
In a data center (DC) with two ION devices, all of the remote branch Prisma SD-WAN VPNs are active only on DC ION-1.
Why are no VPNs active on DC ION-2?
Answer options
- A. The BGP core peer is down.
- B. The static route to core as a next hop is missing.
- C. The ION device is behind a NAT.
- D. The DC and branches are in a different domain.
Correct answer: D
Explanation
The correct answer is D because if the data center and branches are in different domains, the VPNs cannot establish the necessary connections across them. Options A, B, and C do not adequately explain the situation since they relate to network configuration issues that wouldn't prevent the VPNs from being active on one ION device if the domains are aligned.