By default, the firewall uses the management (MGT) interface to access external services, such as DNS servers, external authentication servers, Palo Alto Netw orks services such as soft ware, URL updates, licenses, and AutoFocus. An alternative to using the MGT interface is configuring a data port (a standard interface) to access these services. The path from the interface to th e service on a server is aservice route.
[Palo Alto Networks]
DNS resolution, and generally external reachability, is routed by default on the control plane (MGT interface). Service route feature allows to change the default routing behaviour by setting the data plane as the routing path.
A DNS Proxy on the firewall is configured to act as the DNS server for the hosts that reside on the tenant’s network connected to the firewall interface
"In such a scenario, the firewall performs DNS resolution on its dataplane."
Ref: https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/networking/dns/use-case-3-firewall-acts-as-dns-proxy-between-client-and-server
That's correct for dataplane interfaces, control plane (or management plane). By default uses it's interface to process DNS queries, unless you configure Service Routes. Answer should be D
The firewall uses the management (MGT) interface by default to access external services, such as DNS servers, external authentication servers, as well as various Palo Alto Networks services, including software, URL updates, licenses, external dynamic lists (EDLs), and AutoFocus. An alternative to using the MGT interface is to configure a data port (a regular interface) to access these services. The path from the interface to the service on a server is known as a service route.
When configured as a DNS proxy, the firewall is an intermediary between DNS clients and servers; it acts as a DNS server itself by resolving queries from its DNS proxy cache. If it doesn’t find the domain name in its DNS proxy cache, the firewall searches for a match to the domain name among the entries in the specific DNS proxy object (on the interface on which the DNS query arrived). The firewall forwards the query to the appropriate DNS server based on the match results. If no match is found, the firewall uses default DNS servers.
The answer is C. DNS Proxy.
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/networking/dns/use-case-3-firewall-acts-as-dns-proxy-between-client-and-server.html
C indeed.
A DNS Proxy on the firewall is configured to act as the DNS server for the hosts that reside on the tenant’s network connected to the firewall interface
"In such a scenario, the firewall performs DNS resolution on its dataplane."
The answer is D
Quoting https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/datasheets/education/pcnsa-study-guide-latest.pdf
" Service routes are used so that the
communication between the firewall and servers goes through the data ports on the data plane."
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
venom6
Highly Voted 3 years, 11 months agoramasamymuthiah
Highly Voted 3 years, 7 months agoCro13
Most Recent 6 months agokenyabolada
1 year, 4 months agoBeforeScope
1 year, 10 months agodaytonadave2011
1 year, 11 months agoDDisGR8
2 years, 3 months agop48m1
2 years, 3 months agoelbi05
2 years, 5 months agodrogadotcom
1 year, 7 months agojavim
2 years, 5 months agoLordScorpius
2 years, 8 months agozeebo340
2 years, 8 months agoerror_909
2 years, 8 months agoobxfaepjwjsiflnecy
2 years, 9 months agodawlims
2 years, 10 months agoelbi05
2 years, 5 months agolessimos
2 years, 12 months agoJeevanchalhai
3 years, 1 month ago