Exam PCNSA
Question 235

All users from the internal zone must be allowed only HTTP access to a server in the DMZ zone.

Complete the empty field in the Security policy using an application object to permit only this type of access.

Source Zone: Internal

Destination Zone: DMZ Zone

Application: __________

Service: application-default

Action: allow

    Correct Answer: B

    To allow HTTP access, the correct application object to use is 'web-browsing.' In the context of network security policies, 'http' refers to a service, not an application. 'web-browsing' is the appropriate application identifier that encompasses HTTP (tcp/80) traffic. Therefore, it should be used in the Application field to permit only HTTP access to the server in the DMZ zone.

Discussion
Oteslar (Option: B)

I think the answer is B, because http is not an application but a service; web-browsing can be http/https.

[Removed] (Option: B)

This was oddly worded and the whole question should not even count. The question is clearly specifying ONLY HTTP traffic, but the provided options do not match the asked criteria. HTTP is a server, and web-browsing is an APP-ID. However, "web-browsing", if left alone with default application service, allows both http and https. Moreover, the answer doesn't make a correction in the Service option and leaves it as application-default. I agree that the answer, based on the requirements, is B, but the question sucks.

ARWANGSH (Option: B)

http is not an app-id, web-browsing is: https://applipedia.paloaltonetworks.com/

khaled_ellaboudy (Option: B)

Web browsing is a valid add id while http is not; http is a service and not an app.

khaled_ellaboudy

APP id and not add id, sorry for the typo

sjurka (Option: B)

http is a service. web-browsing should be selected

Aredus (Option: B)

B is correct as it uses tcp/80 in app-id.

[Removed] (Option: B)

B is correct