A network security engineer needs to permit traffic between two distinct VSYS that reside on one Palo Alto Networks firewall. This traffic will not egress the firewall to an external device. Which zone type must be configured to act as the logical source and destination for this traffic flow? (Choose one answer)

A. TAP
B. Layer 2
C. Layer 3
D. External

Correct Answer: D

Brave-Dump Clients Votes

D 100%

Comments

ali pc 2025-12-18 16:54:05

Selected Answers: D

The Correct Answer: External
The External zone type is specifically designed to act as the logical bridge for traffic flowing between two virtual systems (vsys) on the same physical firewall without that traffic ever leaving the device (no physical egress).

Brave-Dumps Admin 2025-12-22 16:25:44
you are right, thank you.