An engineer is designing a deployment of multi-vsys firewalls.
What must be taken into consideration when designing the device group structure?
A.
Only one vsys or one firewall can be assigned to a device group, and a multi-vsys firewall can have each vsys in a different device group.
B.
Multiple vsys and firewalls can be assigned to a device group, and a multi-vsys firewall can have each vsys in a different device group.
C.
Multiple vsys and firewalls can be assigned to a device group. and a multi-vsys firewall must have all its vsys in a single device group.
D.
Only one vsys or one firewall can be assigned to a device group, except for a multi-vsys firewall, which must have all its vsys in a single device group.
Still think it should be answer B:
If I read the following, I understand that one FW or vsys can only be assigned to one device group, But multiple different FW's or vsys can be assigned to the same device group.
#"Firewalls can belong to only one device group but, because virtual systems are distinct entities in Panorama, you can assign virtual systems within a firewall to different device groups."
#DEVICE GROUP SETTINGS - DESCRIPTION
#Devices; Select each firewall that you want to add to the device group.
src;
https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-web-interface-help/panorama-web-interface/panorama-device-groups
Answer:A
>Only one vsys or one firewall can be assigned to a device group,
>and a multi-vsys firewall can have each vsys in a different device group.
From Docs:
#You can assign any one firewall or virtual system (vsys) to only one device group.
#Panorama automatically creates one device group for each firewall or one device group for each virtual system (vsys) in a multi-vsys firewall.
https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/manage-firewalls/manage-device-groups/create-a-device-group-hierarchy
https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-firewalls/transition-a-firewall-to-panorama-management/migrate-a-firewall-to-panorama-management
There is a huge difference between:
You can assign any one firewall or virtual system (vsys) to only one device group
and
Only one vsys or one firewall can be assigned to a device group
The first is a firewall or vsys can only be in one device group (correct), the second is each device group can have only one firewall or vsys assigned to it (incorrect).
either B or C
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-new-features/panorama-features/device-group-push-to-a-multi-vsys-firewall
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.PCNSE Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
123XYZT
9 months, 2 weeks agoMarshpillowz
1 year, 3 months agoTeachTrooper
1 year, 3 months agoKaifus
1 year, 3 months agoMerlin0o
1 year, 3 months agoBetty2022
1 year, 9 months agoTeachTrooper
1 year, 3 months agoHiro5000
1 year, 4 months agoPaloSteve
1 year, 9 months agoMrR0bot
2 years, 3 months agoPassam
2 years, 4 months ago