Paloalto Networks Updated PCNSE Exam Questions and Answers by adyan

For an application that is currently identified as unknown-tcp and has sessions that often remain idle for long periods, creating a custom application and using an application override rule is the most time-efficient solution.

C. The process involves:

• Creating a custom application in the Palo Alto Networks firewall and configuring it with specific timeouts to accommodate the application's idle session behavior. This step ensures that the firewall does not prematurely close the application's sessions due to inactivity.
• Next, creating an application override rule that references the custom application. This rule directs the firewall to identify traffic matching the rule criteria (such as source, destination, and port information) as the custom application, bypassing the App-ID engine's regular identification process.

This approach allows for the quick implementation of a solution that ensures the application is properly identified in traffic logs without undergoing threat scanning, meeting the requirements for both identification and reporting.

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/user-id/user-id-concepts/user-mapping/globalprotect.html

GlobalProtect is a VPN solution that provides secure remote access to corporate networks. When a user connects to GlobalProtect, their identity is verified against an LDAP server. This ensures that all IP address-to-user mappings are explicitly known.

The CLI command "show system state filter-pretty sys.sl.p8.phy" is used to display detailed physical layer information, which would include the physical media connected to a specific interface such as ethernet1/8. This command is designed to filter the output to show relevant physical layer information for the specified interface.For more information on Palo Alto Networks CLI commands and their outputs, refer to the "PAN-OS® CLI Reference Guide".

When implementing an application override in a Palo Alto Networks firewall, the primary goal is to explicitly define how specific traffic is identified and processed by the firewall, bypassing the regular App-ID process. This is particularly useful for traffic that might be misidentified by App-ID or for applications that require special handling for performance reasons.

To successfully implement application override, the following items must be configured:

B. Application override policy rule:This is a specialized policy rule that you create to specify the criteria for the traffic you want to override. In this rule, you define the source and destination zones, addresses, and ports. Instead of relying on the App-ID engine to identify the application, the firewall uses the criteria defined in the application override policy to classify the traffic.

C. Security policy rule:After defining an application override policy, you must also configure a security policy rule to allow the overridden traffic through the firewall. This rule specifies the action (allow, deny, drop, etc.) for the traffic that matches the application override policy. It's essential to ensure that the security policy rule matches the traffic defined in the application override policy to ensure that the intended traffic is allowed through the firewall.

For detailed guidance on configuring application override and the necessary security policies, refer to the official Palo Alto Networks documentation. This resource provides step-by-step instructions and best practices for effectively managing traffic using application overrides.