An engineer must configure the Decryption Broker feature. Which Decryption Broker security chain supports bi-directional traffic flow?
An engineer must configure the Decryption Broker feature. Which Decryption Broker security chain supports bi-directional traffic flow?
The Decryption Broker feature can use both Layer 3 security chains and Transparent Bridge security chains. Both support bidirectional traffic flow, which allows the traffic to move in both directions between the firewall and the security devices. A Layer 3 security chain is specifically designed for routing purposes and handles bidirectional traffic between different network segments. Its configuration involves dealing with IP addresses and routing protocols, making it suitable for more complex network environments. This makes it the most commonly referenced type for bidirectional traffic flow scenarios.
Layer 3 and Transparent Bridge support Bidirectional
B and C are correct here as stated above. Also Decryption broker is now called Network packet broker https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-new-features/networking-features/network-packet-broker
B !! : https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/decryption-broker/security-chain-layer-3-guidelines
Answer is B ================================== The Decryption Broker feature supports two types of security chain networks: Layer 3 security chains and Transparent Bridge security chains. You can configure the firewall to direct traffic through the security chain either unidirectionally or bidirectionally1. **When it comes to bi-directional traffic flow, the Layer 3 security chain is the one you’re looking for. Let me provide more details about how it works: The firewall uses the Primary Interface dedicated to decryption forwarding to forward both inbound and outbound sessions to the first security chain device. The last security chain device forwards both inbound and outbound sessions back to the firewall2.
Answers are B, C. The bidirectional flow option is available for both security chain types. Your network topology determines whether to use unidirectional or bidirectional flows. The performance is approximately the same using either method.
nasty question. both B and C are valid
Other than B, looks like that C is correct as well based on following: "Set the Flow Direction for decrypted traffic the firewall forwards: Unidirectional or Bidirectional." https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/decryption/decryption-broker/decryption-broker-configure-with-transparent-bridge