An administrator has been asked to configure active/passive HA for a pair of Palo Alto Networks NGFWs. The administrator assigns priority 100 to the active firewall.
Which priority is correct for the passive firewall?
An administrator has been asked to configure active/passive HA for a pair of Palo Alto Networks NGFWs. The administrator assigns priority 100 to the active firewall.
Which priority is correct for the passive firewall?
In an active/passive high availability (HA) configuration for Palo Alto Networks Next-Generation Firewalls (NGFWs), the active firewall is given a lower numerical priority value to ensure it takes precedence. Given that the active firewall has a priority value of 100, the passive firewall must be assigned a higher numerical priority value to ensure it does not take over unless necessary. Therefore, the correct priority for the passive firewall should be a value greater than 100, making 255 the appropriate choice.
The lower the number, the higher the priority. So if active is higher priority, therefore assigned 100 , then the only one that will be second priority will be with number larger than 100 so Only 255 is applicable. Therefore D is the correct answer.
Answer: D Passive needs lower priority so higher number. https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/pan-os/10-0/pan-os-admin/pan-os-admin.pdf page 315
only D
firewall with the lower numerical value, and therefore higher priority, is designated as active.
D is correct
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/high-availability/ha-concepts/device-priority-and-preemption
Correct Answer: D
D IS CORRECT
Correct Answer: D PAN-OS: 10.2 Time of answer: May 30, 2022
The firewall you plan to make active must have a lower numerical value than its peer. So, if Peer A is to function as the active firewall, keep the default value of 100 and increment the value on PeerB.
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/high-availability/ha-concepts/device-priority-and-preemption
The only answer it can be is D. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/high-availability/ha-concepts/device-priority-and-preemption
D: lower numeric value is higher priority
The firewalls in an Active-Passive HA pair can be assigned a device priority value to indicate a preference for which firewall should assume the active role. If you need to use a specific firewall in the HA pair for actively securing traffic, you must enable the preemptive behavior on both the firewalls and assign a device priority value for each firewall. The firewall with the lower numerical value, and therefore higher priority, is designated as active. The other firewall is the passive firewall.
In an active/passive High Availability (HA) configuration for Palo Alto Networks NGFWs, the firewalls are assigned priorities to determine which firewall will act as the active device and which will act as the passive (standby) device. The firewall with the higher priority becomes the active device. The active firewall is assigned a priority of 100 (as stated in the question). The passive firewall should be assigned a lower priority than the active firewall. The most logical and common choice is 99. This ensures that: The firewall with priority 100 will always take the active role. The firewall with priority 99 will remain in standby (passive) mode unless the active firewall fails.
The correct answer is: B. 99 Explanation: In Palo Alto Networks active/passive High Availability (HA) configuration: The active firewall should have a higher priority (e.g., 100). The passive (standby) firewall should have a lower priority (e.g., 99). This ensures that the firewall with the higher priority (100) takes the active role, while the one with the lower priority (99) remains in standby mode. Why Not the Other Options? A. 0 – Too low and not a typical best practice (could cause issues if HA negotiation fails). C. 1 – While technically possible, it’s not the standard approach when the active firewall is set to 100. D. 255 – This is the default HA priority, not used for passive firewalls in an active/passive setup. Thus, B (99) is the correct priority for the passive firewall when the active firewall is set to 100.
It’s D cause we had one guy when he wanted to fail over he would change the active to higher number than the passive. Lol