Question 47 Discussion

Which action is only taken during slow path in the NGFW policy? (Choose one answer)

  • A. Session lookup
  • B. SSL/TLS decryption
  • C. Layer 2–Layer 4 firewall processing
  • D. Security policy lookup
Correct Answer: D

Brave-Dump Clients Votes

B 50%
D 50%

Comments



aieasa 2025-11-03 00:37:29

Selected Answers: B


In Palo Alto Networks Next-Generation Firewall (NGFW) architecture, traffic is processed through either the fast path or the slow path, depending on the complexity of inspection required.
• Slow path is triggered when deeper inspection is needed—such as SSL/TLS decryption, application identification, or content scanning.
• SSL/TLS decryption involves breaking open encrypted traffic to inspect its contents for threats, data exfiltration, or policy violations. This process is resource-intensive and only occurs in the slow path.
  • Brave-Dumps Admin 2025-11-03 15:27:13
    I see D is correct; please write your reference with the answer.


Ayesha 2026-02-16 18:48:52

Selected Answers: D


The Palo Alto Networks Next-Generation Firewall (NGFW) processes network packets through different paths depending on whether a session already exists for the traffic. These paths are generally categorized as Slow Path, Fast Path, and Offloaded.

When the very first packet of a new session arrives, no session has been created yet, and this packet is processed in the Slow Path. During this phase, the Dataplane performs several unique operations, including:

• Forwarding lookup to determine the egress zone.
• NAT policy lookup and a second forwarding lookup if Destination NAT (DNAT) is applied.
• First security policy lookup to match rules, especially those with 'any' application configured.
• Either the packet is discarded, or a new session is created and installed in the Dataplane.

For subsequent packets of the same session, the firewall uses the Fast Path. In the Fast Path, most of the operations performed during the Slow Path do not need to be repeated, with the exception of the forwarding lookup, which is still performed for each packet before it is sent to the egress interface. This means that the initial security policy lookup is a process that occurs exclusively during the slow path for the first packet of a session.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClWFCA0