Which three use cases are valid reasons for requiring an Active/Active high availability deployment? (Choose three.)
Which three use cases are valid reasons for requiring an Active/Active high availability deployment? (Choose three.)
Active/Active high availability deployments are used in environments requiring real full-time redundancy from both firewalls, ensuring continuous operation even if one fails. This deployment is also necessary when traffic needs to be load-shared across both firewalls to handle peak traffic spikes, allowing better traffic management and reduced latency. Additionally, Active/Active HA ensures that both firewalls maintain their own routing tables, enabling faster dynamic routing protocol convergence and improving overall network resilience and performance.
I think that it is A,B,E because configuration is fully sinchronized in a A/P too.
Active/Active— Both firewalls in the pair are active and processing traffic and work synchronously to handle session setup and session ownership. Both firewalls individually maintain session tables and routing tables and synchronize to each other. ctive/active mode is recommended if each firewall needs its own routing instances and you require full, real-time redundancy out of both firewalls all the time. Active/active mode has faster failover and can handle peak traffic flows better than active/passive mode because both firewalls are actively processing traffic. https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/high-availability/ha-concepts/ha-modes
full synchronization is also available in active /passive
worth noting that A/A does not load balance traffic... it can load-share "An active/active configuration does not load-balance traffic. Although you can load-share by sending traffic to the peer, no load balancing occurs. Ways to load share sessions to both firewalls include using ECMP, multiple ISPs, and load balancers."
Correct answer is ABE C makes no sense D can also be done with Active-Passive HA A is a little ambiguous since A/A HA doesn't guarantee that both fw will always be working, it just says that if one fails the other is still working, but A/P just guarantees that at least one will always be working so only A/A can achieve what A) describes B. Is the textbook definition of why Active/active HA can be useful E. Is one of the reasons why A/A HA can be faster.
Voted ABE (D is applicable for both a/a and a/p)
configuration is Synced in A/P too, answer is A B E.
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/high-availability/ha-concepts/ha-modes A. Yes. "you require full, real-time redundancy out of both firewalls all the time." B. Yes. "you can load-share by sending traffic to the peer" and "the HA pair can be used to temporarily process more traffic than what one firewall can normally handle." C. No. "Active/active HA is supported in virtual wire and Layer 3 deployments." D. No. "Active/Passive— share the same configuration settings" This is not unique to active/active. E. Yes. "Both firewalls individually maintain session tables and routing tables" Though I don't like that B contradics "no load balancing occurs," it's still the only viable third answer here.
D. But still it doenst mean that D fullfills that requirement ? As CertboxExam correctly pointed out, Active/Active doesnt do load-balance.
Apologies, D. But still it doesn't mean that D cannot fullfills that requirement ?
b is for active/active
I vote ABE.
1. configuration is fully synchronised in a A/P too. 2. C doesn't make any sense at all.
A,D,E Yes A:Active/active mode is recommended ..if you require full, real-time redundancy out of both firewalls all the time. Not B:An active/active configuration does not load-balance traffic. Although you can load-share by sending traffic to the peer, no load balancing occurs. Not C: active/active mode does support Layer 2 deployment, Only L3 and Vwire Yes E:Active/Active firewalls individually maintain session tables and routing tables and synchronize to each other. Leaves D, left as 3rd answer
A,B,E are the correct options
ABE. "Active/active mode has faster failover and can handle peak traffic flows better than active/passive mode because both firewalls are actively processing traffic." Source:https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/high-availability/ha-concepts/ha-modes
ADE is correct
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/high-availability/ha-concepts/arp-load-sharing Firewall support ARP load sharing but not the load balancing.
ABE, C is only possible on Active/Passive, and D is incorrect since the config is sync on Active/Passive too.