Q1

A financial services company is deploying an active/active HA cluster of PA-5450 firewalls. To meet compliance requirements, all traffic for a specific high-frequency trading application must have session state mirrored in real-time. However, to optimize resource usage, sessions for general internet browsing should not be synchronized. Which configuration achieves this specific requirement?

Q2

A network security team is leveraging the PAN-OS XML API to automate the creation of address objects. The team needs to create a new address object named 'Prod-DB-Server' with the IP address '10.100.5.25' on a firewall managed by Panorama. Which XPath is required to correctly target the location for this new object within the API call?

Q3

During a security audit, it was discovered that administrators were using non-compliant TLS versions to manage a PA-3410 firewall. The security architect has mandated that only TLSv1.3 be used for all management connections. Which component must be configured and applied to the management interface to enforce this policy?

Q4

A consultant is designing a network with a PA-850 firewall that must inspect traffic between two switch ports in a strictly transparent mode without participating in spanning-tree. The firewall should not perform any routing or NAT and must be invisible to the connected devices. Which interface type configuration meets all these requirements?

Q5

True or False: When configuring a PAN-OS firewall as an explicit web proxy, the firewall must have a Layer 3 interface configured in the same security zone as the clients to intercept the proxy requests.

Q6 (Multiple answers)

A company has deployed CN-Series firewalls to secure its Kubernetes cluster. The DevOps team wants to ensure that security policies are automatically applied to new application pods based on Kubernetes labels without manual intervention. Which TWO components are essential for this integration? (Choose TWO).

Q7

An engineer is troubleshooting a BGP peering issue between a Palo Alto Networks firewall and a Cisco router. The firewall's system logs show the BGP state is stuck in 'Active'. What is the most likely cause of this issue from the perspective of the Palo Alto Networks firewall?

Q8 (Multiple answers)

A hospital is using a PA-3220 firewall to segment its network. They have created a custom application signature for their Electronic Health Record (EHR) system. The security policy must allow access to the EHR system only for users in the 'Clinical-Staff' Active Directory group. All other access attempts to the EHR servers must be blocked and logged. Which two security policy rules, in the correct order, are required to implement this? (Choose two.)

Q9

An organization wants to provide remote access to its developers. The requirements are:

- All developer traffic must be routed through the corporate firewall for inspection.
- Developers should NOT be able to access their local network resources while connected to the VPN.
- The solution must be centrally managed via Panorama.

Which GlobalProtect configuration on the Gateway will enforce these requirements?

Q10

A company is using Terraform to manage its Cloud NGFW for AWS deployment. The lead engineer needs to define a ruleset that will be applied to multiple firewall resources. Which Terraform resource should be used to define a reusable collection of security rules?