Exam PCNSA topic 1 question 164 discussion

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0 1. Zone protection 2. Decryption 3. App-ID 4. Security profile enforcement

I believe that it goes in this order 1.Decryption 2.Zone protection 3.Security profile enforcement 4.App-ID

IPSec/SSL tunnel decryption --> zone protection --> app-id(SSL/SSH) --> SSL/SSH proxy engine --> app-id --> security profile (content inspection )

The packet processing order in Palo Alto Networks firewalls typically follows these steps: Packet Ingress: Zone Protection: This is where the firewall evaluates if the packet complies with the security policies defined for the source and destination zones. Decryption: If the traffic is encrypted, the firewall decrypts the packet to inspect the decrypted content. Decryption is often performed using SSL decryption policies. App-ID (Application Identification): The firewall identifies the application associated with the traffic. This is a crucial step in allowing or blocking traffic based on the specific applications being used. Security Profile Enforcement: After the application is identified, security profiles (such as antivirus, anti-spyware, and vulnerability protection) are applied to the traffic to detect and prevent threats.

This question is confusing as f*ck. It all depends on wether decryption is based on ssl proxy or VPN traffic And wether a session already exists or not. So if this would be adressing a NEW session of SSL Proxy traffic, the order should be 1. Zone protection 2. Decryption 3. App-ID 4. Security profile enforcement

Decryption Zone protection App-ID Security profile enforcement

I think it should be Decryption, Zone Protection, App-ID then Security Profile enforcement. See link below. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0

1. Zone protection 2. Security profile enforcement 3. Decryption 4. App id

1. Zone protection 2. Decryption 3. App id 4. Security profile enforcement

https://networkinterview.com/packet-flow-in-palo-alto-detailed-explanation/

Zone Protection Checks TCP State Check Forwarding (based on interface type) NAT Policy Lookup (only L3 & Virt wire) DoS Protection Policy Lookup Security Policy Lookup Session Allocation Firewall Session Fast Path (if packet from existing session) Security Processing Captive Portal Application Identification Content Inspection Forwarding/Egress (includes QoS)