Which type of interface does a firewall use to forward decrypted traffic to a security chain for inspection?
A firewall uses a Decryption Mirror interface to forward decrypted traffic to a security chain for inspection. This feature allows the firewall to passively monitor and forward decrypted traffic without altering it, ensuring that the traffic can be further inspected by dedicated security tools.
Initially thought it was D but A is correct. Configure security chain devices with Layer 3 interfaces to connect to the security chain network. These Layer 3 interfaces must have an assigned IP address and subnet mask. https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/decryption-broker/security-chain-layer-3-guidelines.html
Ans is D
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/decryption-broker/decryption-broker-concepts/decryption-broker-security-chain-layer-3#id182QM0B0S9D
It is a nasty question. I guess it receives on the decryption mirror and forwards out layer 3.
Decryption Broker: Forwarding Interfaces. A firewall enabled as a decryption broker uses a pair of dedicated Layer 3 interfaces to forward decrypted traffic to a security chain for inspection. The decryption forwarding interfaces must be assigned to a brand new virtual router. https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/decryption-broker/decryption-broker-concepts/decryption-broker-forwarding-interfaces
This is a shitty question. Assuming the firewall is decrypting the traffic, I would go with D: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/decryption/decryption-concepts/decryption-mirroring.html Assuming the firewall is part of a Security Chain and the traffic is already decrypted (not decrypted on the firewall), I would go with A: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/network-packet-broker/configure-routed-layer-3-security-chains
It asks which 'interface'. Decryption mirror is not an interface.
Should be A. Decryption Mirror should mainly be for DLP kinds of devices, without traffic coming "back".
Answer: A - layer 3. "A firewall enabled as a decryption broker uses a pair of dedicated Layer 3 interfaces to forward decrypted traffic to a security chain for inspection." https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/decryption-broker/decryption-broker-concepts/decryption-broker-forwarding-interfaces
Follow these guidelines to set up Layer 3 security chain devices to support decryption broker: Configure security chain devices with Layer 3 interfaces to connect to the security chain network. These Layer 3 interfaces must have an assigned IP address and subnet mask.
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/network-packet-broker/configure-routed-layer-3-security-chains