ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCNSA
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which action would an administrator take to ensure that a service object will be available only to the selected device group?
Which type of DNS signatures are used by the firewall to identify malicious and command-and-control domains?
An administrator needs to add capability to perform real-time signature lookups to block or sinkhole all known malware domains. Which type of single unified engine will get this result?
Which order of steps is the correct way to create a static route?
Which statement is true about Panorama managed devices?
Review the Screenshot: Given the network diagram, traffic must be permitted for SSH and MYSQL from the DMZ to the SERVER zones, crossing two firewalls. In addition, traffic should be permitted from the SERVER zone to the DMZ on SSH only. Which rule group enables the required traffic? A) B) C) D)
What are three valid source or D=destination conditions available as Security policy qualifiers? (Choose three.)
An administrator is updating Security policy to align with best practices. Which Policy Optimizer feature is shown in the screenshot below?
Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)
Which security profile will provide the best protection against ICMP floods, based on individual combinations of a packet`s source and destination IP address?

Question 295 - PCNSA discussion

Report
Export

How are service routes used in PAN-OS?

A.
By the OSPF protocol, as part of Dijkstra's algorithm, to give access to the various services offered in the network
Answers
A.
By the OSPF protocol, as part of Dijkstra's algorithm, to give access to the various services offered in the network
B.
To statically route subnets so they are joinable from, and have access to, the Palo Alto Networks external services
Answers
B.
To statically route subnets so they are joinable from, and have access to, the Palo Alto Networks external services
C.
For routing, because they are the shortest path selected by the BGP routing protocol
Answers
C.
For routing, because they are the shortest path selected by the BGP routing protocol
D.
To route management plane services through data interfaces rather than the management interface
Answers
D.
To route management plane services through data interfaces rather than the management interface
Suggested answer: D

Explanation:

Service routes are a feature of PAN-OS that allows the administrator to customize the interface that the firewall uses to send requests to external services, such as DNS, email, Palo Alto Networks updates, User-ID agent, syslog, Panorama, dynamic updates, URL updates, licenses, and AutoFocus1.

By default, the firewall uses the management interface for all service routes, unless the packet destination IP address matches the configured destination service route, in which case the source IP address is set to the source address configured for the destination1.

However, in some scenarios, the administrator may want to use a different interface for service routes, such as when the management interface does not have public internet access, or when the administrator wants to isolate or monitor the traffic for certain services23.

To configure service routes, the administrator can select Device > Setup > Services > Service Route Configuration and customize each service with a source interface and a source address.The administrator can also configure destination service routes to specify a destination IP address and a gateway for each service1.

Service routes are not related to routing protocols such as OSPF or BGP, which are used to exchange routing information between routers and determine the best path to reach a network destination. Service routes are only used to change the interface that the firewall uses to communicate with external services.

Therefore, service routes are used to route management plane services through data interfaces rather than the management interface.

References:

1:Configure Service Routes - Palo Alto Networks2:Setting a Service Route for Services to Use a Dataplane's Interface - Palo Alto Networks3:How to Perform Updates when Management Interface does not have Public Internet Access - Palo Alto Networks


Show Answer
asked 23/09/2024
Marcos Davila
32 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms