Why are VM-Series firewalls and hardware firewalls that are external to the Kubernetes cluster problematic for protecting containerized workloads?
Visibility into application-level cluster traffic:
VM-Series firewalls and hardware firewalls that sit outside the Kubernetes cluster lack visibility into the application-level traffic and communications inside the cluster. This limitation impedes their ability to protect containerized workloads effectively.
Palo Alto Networks Kubernetes Security Guide
How are CN-Series firewalls licensed?
Data-plane vCPU Licensing:
The CN-Series firewalls are licensed based on the number of data-plane vCPUs. This licensing model reflects the processing power dedicated to handling traffic and security enforcement within the containerized environment.
Palo Alto Networks CN-Series Licensing Guide
What do tags allow a VM-Series firewall to do in a virtual environment?
Tags in a VM-Series firewall environment allow administrators to dynamically adjust security policy rules based on changes within the virtual environment. These tags can be used to label and categorize virtual machines (VMs) or other entities within the environment, and policies can be created to automatically respond to these tags. This facilitates adaptive security measures that align with the current state and requirements of the environment.
Palo Alto Networks VM-Series Deployment Guide: Dynamic Address Groups and Tags
What are two requirements for automating service deployment of a VM-Series firewall from an NSX Manager? (Choose two.)
To automate the deployment of VM-Series firewalls from NSX Manager, Panorama must be configured to recognize and communicate with both the NSX Manager and vCenter. This ensures that Panorama can manage the firewall policies and orchestration efficiently.
Palo Alto Networks NSX Integration Guide
VM-Series Firewall Communication with Panorama:
It is crucial that the deployed VM-Series firewall can establish communication with Panorama. This connection allows for the centralized management of the firewalls and ensures that policy updates and configurations can be pushed from Panorama to the VM-Series firewalls.
Palo Alto Networks VM-Series Deployment Guide
Which offering can gain visibility and prevent an attack by a malicious actor attempting to exploit a known web server vulnerability using encrypted communication?
SSL Inbound Inspection allows VM-Series firewalls to decrypt, inspect, and re-encrypt SSL/TLS traffic coming into the network. This capability enables the firewall to gain visibility into encrypted communication and prevent attacks that exploit known web server vulnerabilities, even when the traffic is encrypted. By inspecting the decrypted traffic, the firewall can apply security policies to detect and block malicious activity.
Palo Alto Networks SSL Decryption Guide: SSL Decryption
Palo Alto Networks SSL Inbound Inspection Documentation: SSL Inbound Inspection