03-13-2023 01:24 AM
hi can you tell me the right answer of this question please
Which level of abstraction allows definition of common policy across multiple next-generation firewalls (NGFWs) in Panorama?
03-13-2023 05:53 AM - edited 03-13-2023 05:59 AM
If there would be no answers in the list I would say "Device Groups".
None of provided answers are good match.
But if you need to choose then "D. Security profiles".
Security profiles are configured under Device Groups > Objects.
Other options are under Templates.
03-13-2023 06:53 AM
HI @Erdenebileg.Baasantogtokh ,
The answer by @Raido_Rattameister is correct. Security profiles are in device groups and very easily implemented as a common configuration across all NGFWs. The other 3 answers are in templates, but they also require NGFW specific information. Zones require interfaces. Interfaces require IP addresses. Zone protection profiles require zones.
While not part of the question, to try to create a common template for zones, interfaces, or zone protection profiles would require configuration in the template stack to tie the NGFW specific config to each item. For Network configuration, it's easier to have duplicates in the templates. Perhaps that is why Panorama has a button to easily clone templates.
Thanks,
Tom
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
