Palo Alto Networks Exam PSE-Strata-Pro-24 Topic 3 Question 5 Discussion

Actual exam question for Palo Alto Networks's PSE-Strata-Pro-24 exam

Question #: 5
Topic #: 3

A systems engineer (SE) has joined a team to work with a managed security services provider (MSSP) that is evaluating PAN-OS for edge connections to their customer base. The MSSP is concerned about how to efficiently handle routing with all of its customers, especially how to handle BGP peering, because it has created a standard set of rules and settings that it wants to apply to each customer, as well as to maintain and update them. The solution requires logically separated BGP peering setups for each customer. What should the SE do to increase the probability of Palo Alto Networks being awarded the deal?

AWork with the MSSP to plan for the enabling of logical routers in the PAN-OS Advanced Routing Engine to allow sharing of routing profiles across the logical routers.

BCollaborate with the MSSP to create an API call with a standard set of routing filters, maps, and related actions, then the MSSP can call the API whenever they bring on a new customer.

CConfirm to the MSSP that the existing virtual routers will allow them to have logically separated BGP peering setups, but that there is no method to handle the standard criteria across all of the routers.

DEstablish with the MSSP the use of vsys as the better way to segregate their environment so that customer data does not intermingle.

Show Suggested Answer

Suggested Answer: A

To address the MSSP's requirement for logically separated BGP peering setups while efficiently managing standard routing rules and updates, Palo Alto Networks offers the Advanced Routing Engine introduced in PAN-OS 11.0. The Advanced Routing Engine enhances routing capabilities, including support for logical routers, which is critical in this scenario.

Why A is Correct

Logical routers enable the MSSP to create isolated BGP peering configurations for each customer.

The Advanced Routing Engine allows the MSSP to share standard routing profiles (such as filters, policies, or maps) across logical routers, simplifying the deployment and maintenance of routing configurations.

This approach ensures scalability, as each logical router can handle the unique needs of a customer while leveraging shared routing rules.

Why Other Options Are Incorrect

B: While using APIs to automate deployment is beneficial, it does not solve the need for logically separated BGP peering setups. Logical routers provide this separation natively.

C: While virtual routers in PAN-OS can separate BGP peering setups, they do not support the efficient sharing of standard routing rules and profiles across multiple routers.

D: Virtual systems (vsys) are used to segregate administrative domains, not routing configurations. Vsys is not the appropriate solution for managing BGP peering setups across multiple customers.

Key Takeaways:

PAN-OS Advanced Routing Engine with logical routers simplifies BGP peering management for MSSPs.

Logical routers provide the separation required for customer environments while enabling shared configuration profiles.

Palo Alto Networks PAN-OS 11.0 Advanced Routing Documentation

by Arminda at Jan 28, 2025, 06:20 AM

Limited Time Offer

25%

16 days ago

Creating a standardized API call is a smart idea. That way the MSSP can easily onboard new customers without having to manually configure everything.

upvoted 0 times

Stefanie

4 days ago

A) Work with the MSSP to plan for the enabling of logical routers in the PAN-OS Advanced Routing Engine to allow sharing of routing profiles across the logical routers.

upvoted 0 times

...

1 months ago

I think we should go with option A.

upvoted 0 times

...