A web server is hosted in the DMZ and the server is configured to listen for incoming connections on TCP port 443. A Security policies rules allowing access from the Trust zone to the DMZ zone needs to be configured to allow web-browsing access. The web server hosts its contents over HTTP(S). Traffic from Trust to DMZ is being decrypted with a Forward Proxy rule.
Which combination of service and application, and order of Security policy rules, needs to be configured to allow cleartext web- browsing traffic to this server on tcp/443.
A . Rule #1: application: web-browsing; service: application-default; action: allow Rule #2:
application: ssl; service: application-default; action: allow
B . Rule #1: application: web-browsing; service: service-https; action: allow Rule #2:
application: ssl; service: application-default; action: allow
C . Rule # 1: application: ssl; service: application-default; action: allow
Rule #2: application: web-browsing; service: application-default; action: allow
D . Rule #1: application: web-browsing; service: service-http; action: allow Rule #2:
application: ssl; service: application-default; action: allow
Answer: B
Explanation:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEyCAK
Leave a Reply