Q: 8
Which statement applies to the relationship between Panorama-pushed Security policy and local
firewall Security policy?
Options
Discussion
Honestly wish Palo Alto would let us mess with the eval order, but B tbh.
Feels like B since that's how Panorama layers policy, and D is a classic Palo trap.
Had something like this in a mock, and B matches what I remember: local firewall rules get evaluated after Panorama pre-rules, before post-rules. Order can't be changed per device group, so D's out. Pretty sure that's still how it works but feel free to correct me if it's changed lately.
It’s B for sure, local rules are always sandwiched between Panorama pre- and post-rules. Palo doesn’t let you re-order these, so D isn’t possible and C is just a distractor. Pretty standard rulebase workflow unless they change it in a future update. Anyone disagree?
Yeah, local firewall rules sit right between Panorama pre and post-rules, so B fits. The eval order can't be changed per device group. If Palo ever allows more flexibility here I'd be surprised but for now B is correct.
B since local firewall rules always get evaluated after Panorama pre-rules and before post-rules. The order isn't something you can tweak per device group. Pretty sure that's still the case but let me know if you heard of any changes.
B
I was thinking C because I thought you could change the order for troubleshooting, but pretty sure that's not how Panorama handles the policy chain. Feel free to correct me if this is wrong.
Not D, B. Had something like this in a mock, B fits if the question means "default order" but if the requirement was to change the order somehow that'd point to D.
Call it B , unless there's a super rare troubleshooting override I missed, because normally Panorama's order is fixed per docs.
Be respectful. No spam.
