Palo Alto Networks Exam PSE-SoftwareFirewall Topic 4 Question 11 Discussion

Actual exam question for Palo Alto Networks's PSE-SoftwareFirewall exam

Question #: 11
Topic #: 4

A customer in a VMware ESXi environment wants to add a VM-Series firewall and partition an existing group of virtual machines (VMs) in the same subnet into two groups. One group requires no additional security, but the second group requires substantially more security.

How can this partition be accomplished without editing the IP addresses or the default gateways of any of the guest VMs?

AEdit the IP address of all of the affected VMs.

BCreate a new virtual switch and use the VM-Series firewall to separate virtual switches using virtual wire mode. Then move the guests that require more security into the new virtual switch.

CSend the VLAN out of the virtual environment into a hardware Palo Alto Networks firewall in Layer 3 mode. Use the same IP address as the old default gateway, then delete it.

DCreate a Layer 3 interface in the same subnet as the VMs and then configure proxy Address Resolution Protocol (ARP).

Show Suggested Answer

Suggested Answer: B

Creating a New Virtual Switch:

By creating a new virtual switch, you can segment the network within the ESXi environment. The VM-Series firewall can then be used to provide security controls between these virtual switches using virtual wire mode.

Palo Alto Networks VM-Series Deployment Guide

Moving Guests to New Virtual Switch:

Guests requiring additional security are moved to the new virtual switch, allowing the VM-Series firewall to inspect and control traffic between the switches. This setup does not necessitate changes to the existing IP addresses or default gateways of the VMs.

Palo Alto Networks VM-Series Virtual Wire Mode

by Melodie at Sep 16, 2024, 08:24 PM

Limited Time Offer

25%

Off

Get Premium PSE-SoftwareFirewall Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Hubert

2 months ago

You know, I'm just imagining the panic if someone accidentally deleted that default gateway in option C. That would be a real nightmare!

upvoted 0 times

Christene

1 months ago

User 3: Yeah, deleting the default gateway by mistake would definitely cause chaos in the network.

upvoted 0 times

...

Nickie

1 months ago

I agree, it's better to be safe than sorry when it comes to network configurations.

upvoted 0 times

...

Lyndia

1 months ago

Option B sounds like the safest choice to avoid any accidental deletions.

upvoted 0 times

...

Fletcher

2 months ago

C looks like a good way to leverage the existing hardware firewall. Keeping the IP settings the same is a nice bonus.

upvoted 0 times

Kiley

29 days ago

User 3: B sounds like a good option for separating the VMs without changing their IP addresses. It's a clean solution.

upvoted 0 times

...

Myra

1 months ago

User 2: C) Send the VLAN out of the virtual environment into a hardware Palo Alto Networks firewall in Layer 3 mode. Use the same IP address as the old default gateway, then delete it.

upvoted 0 times

...

Paris

1 months ago

User 1: B) Create a new virtual switch and use the VM-Series firewall to separate virtual switches using virtual wire mode. Then move the guests that require more security into the new virtual switch.

upvoted 0 times

...

Barrie

2 months ago

I'm not sure about option B. I think option D might also work if we configure the Layer 3 interface properly.

upvoted 0 times

...

Tamra

2 months ago

Haha, editing all the IP addresses? That's a hard pass for me, option A is way too much work.

upvoted 0 times

Alpha

2 months ago

I think option B is a more efficient way to achieve the partition without changing IP addresses.

upvoted 0 times

...

Novella

2 months ago

Agreed, option A sounds like a lot of manual work.

upvoted 0 times

...

Carlee

3 months ago

I agree with Anastacia. Option B seems like the most efficient way to achieve the partitioning we need.

upvoted 0 times

...

Sharmaine

3 months ago

D is interesting, using proxy ARP to handle the partition without IP address changes. Definitely worth considering.

upvoted 0 times

...

Vanesa

3 months ago

Option B sounds like the way to go. Separating the virtual switches and using the VM-Series firewall to secure the more sensitive group is a clean solution.

upvoted 0 times

Tish

2 months ago

Phung: Exactly, it's a practical solution for this scenario.

upvoted 0 times

...

Nieves

2 months ago

It definitely simplifies the process and keeps everything organized.

upvoted 0 times

...

Phung

2 months ago

Agreed, it's a smart way to maintain security without changing IP addresses.

upvoted 0 times

...

Josphine

2 months ago

Option B sounds like the way to go. Separating the virtual switches and using the VM-Series firewall to secure the more sensitive group is a clean solution.

upvoted 0 times

...

Anastacia

3 months ago

I think option B is the best choice. It allows us to separate the VMs without changing their IP addresses.

upvoted 0 times

...