An internal system is not functioning. The firewall administrator has determined that the incorrect egress interface is being used. After looking at the configuration, the administrator believes that the firewall is not using a static route.
What are two reasons why the firewall might not use a static route? (Choose two.)
The firewall might not use a static route if there is a duplicate static route and if path monitoring on the static route is configured. A duplicate static route can cause confusion in routing decisions, leading the firewall to choose a different route. Path monitoring can also impact the use of a static route; if the monitored path is down, the firewall will select an alternative route.
I think A AND D since you can have a duplicate static route in the RIB but not in the FIB since the routes have different metrics/hops. I think this is a poorly written question and left out info related to the question. Or maybe it was transcribed incorrectly from the source, it just seem the question is incomplete and missing information
I chose "AD", because the "no install" option means that the admin never wanted to use that route. A duplicate static route can be configured with a different next hop and metric!
If you configure another route with different next hop and metric, than you have two different routes, not duplicate routes!
If "duplicate static route" means same route with "different next hop", A could be the reason.
you can no install in static routing by changing the unicast drop list to no install
Ans: B & D. When you Configure Path Monitoring for a Static Route, the firewall uses path monitoring to detect when the path to one or more monitored destination has gone down. The firewall can then reroute traffic using alternative routes. The firewall uses path monitoring for static routes much like path monitoring for HA or policy-based forwarding (PBF) https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-networking-admin/static-routes/static-route-removal-based-on-path-monitoring
How can path monitoring effects static routes?
Path monitoring could be detecting the next hop is down
you cant disabling a route and you can't create a duplicate static route
B and D
When you Configure Path Monitoring for a Static Route, the firewall uses path monitoring to detect when the path to one or more monitored destination has gone down. The firewall can then reroute traffic using alternative routes.
BD is correct "No Install" is used if you do not want to install the route in the forwarding table. And if path monitoring on the route fails it also won't be used
yes but why then be surprised that a second route doesn't work when it was not configured to be installed in the first place? I don't think the "no install" option is correct here.
A AND D. having duplicate routes is one of the most common mistakes.
I am agreed there is no duplicate and disable routes