A company wants to implement threat prevention to take action without redesigning the network routing.
What are two best practice deployment modes for the firewall? (Choose two.)
The best practice deployment modes for implementing threat prevention without redesigning the network routing are Virtual Wire and Layer 2. Virtual Wire allows the firewall to be placed transparently between two network segments, providing security without needing to change the network configuration. Layer 2 mode allows the firewall to inspect and prevent threats within the same VLAN, also without requiring reconfiguration of network routing. TAP mode cannot enforce threat prevention as the traffic is not in-line, and Layer 3 mode would necessitate changes in the network routing.
Answers are A and B. They wouldn't require network redesign and can still apply the threat prevention profiles. TAP wouldn't need to redesign the network, but since the firewall won't be in-line with the traffic, it wouldn't be able to apply the threat prevention. Layer 3 would require a redesign of the network.
What do you mean it seems right?
A and B are correct.
Firewalls in Layer 2 or virtual wire mode can inspect and provide threat prevention for the tagged traffic.
Seems right. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/configure-interfaces/virtual-wire-interfaces