Which policy set should be used to ensure that a policy is applied just before the default security rules?
Which policy set should be used to ensure that a policy is applied just before the default security rules?
To ensure that a policy is applied just before the default security rules, the appropriate option is the Child device-group post-rulebase. The default security rules are typically the last set of rules applied, and the post-rulebase of the child device-group is evaluated right before these default rules, making it the correct choice.
Order: Shared pre-rules Device group pre-rules Local firewall rules Device group post-rules Shared post-rules Intrazone-default Interzone-default
A. Shared post-rulebase The shared post-rulebase is evaluated after the pre-rulebase and before the default security rule
Answer should be D as the question asks for the policy to be placed JUST BEFORE the default rules
Based on the poorly worden question, and reply from rehor, I'm tempted to say that the answer is B ! Local firewall rules = policy no ??
my bad answer is A :)
answer A
I'm not sure but according to this link it would be answer A https://docs.paloaltonetworks.com/panorama/11-0/panorama-admin/panorama-overview/centralized-firewall-configuration-and-update-management/device-groups/device-group-policies