Paloalto Networks Updated PCNSA Exam Questions and Answers by alannah

The best-practice approach to logging traffic that traverses the firewall is to enable log at session end only. This option allows the firewall to generate a log entry only when a session ends, which reduces the load on the firewall and the log storage. The log entry contains information such as the source and destination IP addresses, ports, zones, application, user, bytes, packets, and duration of the session. The log at session end option also provides more accurate information about the session, such as the final application and user, the total bytes and packets, and the session end reason1. To enable log at session end only, you need to:

• Create or modify a Security policy rule that matches the traffic that you want to log.
• Select the Actions tab in the policy rule and check the Log at Session End option.
• Commit the changes to the firewall or Panorama and the managed firewalls.

References: View and Manage Logs, Log at Session End, Certifications - Palo Alto Networks, [Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)] or [Palo Alto Networks Certified Network Security Administrator (PAN-OS 10.0)].

The IP Modulo session distribution method assigns sessions to dataplane processors (DPs) based on the modulo of the source and destination IP addresses. This method is suitable for environments that use NAT with a large number of translated IP addresses and ports. It ensures that sessions with the same source and destination IP addresses are processed by the same DP, regardless of the port numbers. This can improve performance and avoid out-of-order packets.