An administrator needs to evaluate a recent policy change that was committed and pushed to a firewall device group. How should the administrator identify the configuration changes?
To evaluate recent configuration changes that have already been committed and pushed to a firewall device group, the best approach is to context-switch to the affected firewall and use the configuration audit tool. This tool allows the administrator to compare the current configuration with a previous version to identify the exact changes made. This method provides a clear and detailed view of the alterations, unlike the configuration logs which primarily outline the modifications without comparison, or the Test Policy Match which is used for evaluating how policies apply to traffic rather than viewing configuration changes.
The config changes under the Monitor tab only show you the state of the commit; they don't show you the config change. The audit tool shows you what has changed in the configuration, as you can select two dates of the configuration and then compare what has changed. Just checked now in Panorama. D is only relevant if the commit was not performed, and B is out of the question. I believe that the most appropriate answer is C here, as you can compare an old configuration with the most recent one to check what is different.
I would go with A. The config audit tool shows the diff between the running config and the candidate config (saved config not yet committed). The question says that the config has already been committed, which means the running config and candidate config will be the same. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEaCAK
A is 100% right
A: There is an option for before and after change.
Configuration log Displays an entry for each configuration change. Each entry includes the date and time, the administrator username, the IP address from where the change was made, the type of client (web interface or CLI), the type of command executed, whether the command succeeded or failed, the configuration path, and the values before and after the change. https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-web-interface-help/monitor/monitor-logs/log-types
A for sure. You can check config changes directly on Pano using the Monitor tab > Configuration, and you can filter using user/device etc.
C. I would pick C here as the question asks to "evaluate" the recent config changes, and the config audit tool on the FW gives us the best overview of the changes that were committed. A is more a log entry that config changes were made, but does not give you the config changes, which could be hundreds of lines (not 100% sure here); C is talking about exactly the tool that is specially developed to evaluate config changes. Correct me if I have something wrong here.
In the config audit tool from the firewall itself, you won't be able to see the changes pushed by the panorama. Only local changes can be seen there. So, C is not the correct answer.
A seems reasonable https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/monitor/monitor-logs/log-types#ide5162f14-a43b-4105-97eb-fae3d0c9e01a
A 100% verified
If it were several config changes, I would go for C, but in this case it's "policy change", meaning only 1 config change. It's easier to check it in the configuration logs.
C: because preview changes is available when you want to perform a commit and push (a preview of your config). The audit log can bring you the exact details of all pushes and configuration changes performed by any other authorized users.
B is most appropriate as it provides evaluation of rules within the rule base. Since the configuration has been pushed to the firewalls, the test policy match function can be used. Preview changes or switching to the firewall context and using the config audit tool just compare the configurations.
Config Audit. Option C
Going with option C
C for sure! From Panorama you need to switch to the firewall you want, and then you can use the config audit tool to check the current config with the previous one.
"change that was committed and pushed to a firewall device group" - this means the change was pushed from Panorama; you will not find the Panorama change in the config audit if you are connected to the firewall, so C will not work.
A (given how the question is worded). Misleading one IMO: the admin needs to "evaluate recent policy change", then the question asks to "identify the config change". Evaluate = "Test policy match"; nothing else would provide you a better way to evaluate, so B mostly fits that requirement. Identify = "Configuration log", as there you get an entry for every (recent and not only) change, so A mostly fits that requirement. Finally, to see exactly what the change in the config was, you can use the "configuration audit tool", so C would mostly fit here if they were asking for
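The thread keeps circling the same point: a configuration log entry records one change with its before and after values, while a config audit shows the full diff between two saved versions, and a diff of the running config against the candidate config right after a commit is empty. The script below is an added example (not Palo Alto Networks code, and not part of the original discussion) that reproduces the audit-style comparison offline: it flattens two XML snapshots into XPath-like leaf paths and reports what was added, removed or changed. The XML snippets are constructed, heavily trimmed imitations of the PAN-OS device-group schema; the rule name, device-group name and the `description`/`log-end` fields are assumptions made up for the demo.

```python
"""Audit-style diff of two PAN-OS-like XML configuration snapshots.

Added example, not PAN-OS or Panorama code.  The two snapshots below are
constructed imitations of a device-group pre-rulebase and are deliberately
much smaller than a real exported configuration.
"""
import xml.etree.ElementTree as ET

# Constructed "saved version N" of a device-group security rule (assumed names).
CONFIG_BEFORE = """<config>
  <devices><entry name="localhost.localdomain"><device-group>
    <entry name="branch-dg"><pre-rulebase><security><rules>
      <entry name="allow-web">
        <description>Web out</description>
        <from><member>trust</member></from>
        <to><member>untrust</member></to>
        <source><member>any</member></source>
        <destination><member>any</member></destination>
        <application><member>web-browsing</member></application>
        <service><member>application-default</member></service>
        <action>allow</action>
      </entry>
    </rules></security></pre-rulebase></entry>
  </device-group></entry></devices>
</config>"""

# Constructed "running" version after a policy change was committed and pushed:
# the description was edited, ssl was added to the application list and
# end-of-session logging was switched on.
CONFIG_AFTER = """<config>
  <devices><entry name="localhost.localdomain"><device-group>
    <entry name="branch-dg"><pre-rulebase><security><rules>
      <entry name="allow-web">
        <description>Web and TLS out</description>
        <from><member>trust</member></from>
        <to><member>untrust</member></to>
        <source><member>any</member></source>
        <destination><member>any</member></destination>
        <application><member>web-browsing</member><member>ssl</member></application>
        <service><member>application-default</member></service>
        <action>allow</action>
        <log-end>yes</log-end>
      </entry>
    </rules></security></pre-rulebase></entry>
  </device-group></entry></devices>
</config>"""


def _path_component(elem):
    """Build an XPath-like step for one element.

    Named entries are keyed by their name attribute and <member> elements by
    their text, so list items are compared by identity rather than position.
    """
    step = elem.tag
    if "name" in elem.attrib:
        step += f"[@name='{elem.attrib['name']}']"
    elif elem.tag == "member":
        step += f"[text()='{(elem.text or '').strip()}']"
    return step


def flatten(xml_text):
    """Return {xpath: value} for every leaf element of the snapshot."""
    leaves = {}

    def walk(elem, parent_path):
        path = f"{parent_path}/{_path_component(elem)}"
        children = list(elem)
        if not children:
            leaves[path] = (elem.text or "").strip()
        for child in children:
            walk(child, path)

    walk(ET.fromstring(xml_text), "")
    return leaves


def diff_configs(old_xml, new_xml):
    """Compare two snapshots; return (kind, path, old_value, new_value) tuples."""
    old, new = flatten(old_xml), flatten(new_xml)
    changes = []
    for path in sorted(set(old) | set(new)):
        if path not in old:
            changes.append(("added", path, None, new[path]))
        elif path not in new:
            changes.append(("removed", path, old[path], None))
        elif old[path] != new[path]:
            changes.append(("changed", path, old[path], new[path]))
    return changes


def audit_report(changes):
    """Render the diff as one line per change, similar to an audit view."""
    lines = []
    for kind, path, old_value, new_value in changes:
        lines.append(f"{kind:8s} {path}  {old_value!r} -> {new_value!r}")
    return lines or ["no differences (snapshots are identical)"]


if __name__ == "__main__":
    print("\n".join(audit_report(diff_configs(CONFIG_BEFORE, CONFIG_AFTER))))
    # After a commit the running and candidate configs match, so this is empty.
    print("\n".join(audit_report(diff_configs(CONFIG_AFTER, CONFIG_AFTER))))
```

Comparing by path rather than by line is what makes the result readable for a rulebase: a `<member>` inserted in the middle of an application list shows up as one `added` entry instead of shifting every line below it, and comparing a snapshot with itself returns nothing, which is the situation the "A" camp describes when the audit is run against an already committed configuration.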