An administrator plans to deploy 15 firewalls to act as GlobalProtect gateways around the world. Panorama will manage the firewalls.
The firewalls will provide access to mobile users and act as edge locations to on-premises infrastructure. The administrator wants to scale the configuration out quickly and wants all of the firewalls to use the same template configuration.
Which two solutions can the administrator use to scale this configuration? (Choose two.)
To scale the configuration of multiple firewalls managed by Panorama efficiently, the administrator should use template stacks and variables. Template stacks allow the administrator to group templates that can be applied to multiple firewalls, ensuring consistency and ease of management. Variables provide a mechanism to define dynamic values within these templates, enabling customization for different firewalls without creating entirely separate templates. Virtual systems are not applicable as they are used to create multiple, separate firewall instances within a single physical firewall, which is not needed here. Collector groups are related to log aggregation and are irrelevant for the deployment and configuration of firewalls in this context.
Another wrong answer. Should be B and C: https://docs.paloaltonetworks.com/panorama/10-0/panorama-admin/panorama-overview/centralized-firewall-configuration-and-update-management/templates-and-template-stacks
B and C are correct!
Should be BC. https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/manage-firewalls/manage-templates-and-template-stacks/configure-template-or-template-stack-variables.html
Virtual systems and Variables don't make any sense with so many firewalls and sites and using panorama.
Sorry i meant B and C!! ignore my first comment, i marked it as spam, hope it gets deleted.
Answers are B, C. Clearly, this is a question about templates, template stacks and variables in Panorama. The key to answering this question is to understand template capabilities and exceptions. You cannot use templates or template stacks to set firewall modes, but as an exception, Panorama can push default vsys settings in a template to firewalls that don't support them or don't have any vsys configured. Since these PANs will be shipped world-wide, you will benefit from the use of variables to serve as placeholder objects based on configuration needs.
1 : https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/virtual-systems/virtual-systems-overview/benefits-of-virtual-systems //// 2 : https://docs.paloaltonetworks.com/panorama/10-2/panorama-admin/panorama-overview/centralized-firewall-configuration-and-update-management/templates-and-template-stacks
Yes, your 1st link speaks about scalability but it refers to general scalability. However for c2s vpn connections doesn't play a role, so I believe B & C are correct.
B and C are correct
Should be BC.
B and C
Template Variables allow you to assign a dynamic value in a template configuration you can overwrite later in a template stack. This can be particularly useful for IPv4 addresses you do not know value when configuring a template. The IPv4 template variable can be referenced in different parts of the template configuration like in Global Protect configuration. Procedure When you are using IPv4 template variable for Gateway and/or Portal in Global Protect Configuration, you have to be sure this variable is also used to configure IP setting of the physical interface. You have to verify this in Template configuration but also in Template stack configuration. Template stack can contain more than one template, setting IPv4 configuration with conflicting values; the First template applied will prevail. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PO4UCAW
Cannot be A: Virtual systems are separate, logical firewall instances within a single physical Palo Alto Networks firewall. - FWs are being deployed around the world and acting as edge locations on premisis https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/virtual-systems/virtual-systems-overview Cannot be D: Panorama uses Log Collectors to aggregate logs from managed firewalls. When generating reports, Panorama queries the Log Collectors for log information, providing you visibility into all the network activity that your firewalls monitor. https://docs.paloaltonetworks.com/panorama/10-2/panorama-admin/panorama-overview/centralized-logging-and-reporting/managed-collectors-and-collector-groups A Collector Group is 1 to 16 managed collectors that operate as a single logical log collection unit. Therefore must be B and C which make the most sense
B and C You cannot use templates or template stacks to set firewall modes: multiple virtual systems (multi-vsys) mode
I believe AB. Scalability is a benefit of Virtual Systems. Allows you to have multiple, separate firewalls in the same physical box. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/virtual-systems/virtual-systems-overview/benefits-of-virtual-systems#idcc37de80-c922-4762-97cf-66516a939cdf
Template stacks and variables should be used. Collector Group is applicable only for panorama logging and make no sense for this question.