View all questions & answers for the Palo Alto Next-Generation Firewall Engineer Exam Materials exam


Question 5 Discussion

An engineer at a managed services provider is updating an application that allows its customers to request firewall changes to also manage SD-WAN. The application will be able to make any approved changes directly to devices via API. What is a requirement for the application to create SD-WAN interfaces? (Choose one answer)

  • A. REST API’s “sdwanInterfaceprofiles” parameter on a Panorama device
  • B. REST API’s “sdwanInterfaces” parameter on a firewall device
  • C. XML API’s “sdwanprofiles/interfaces” parameter on a Panorama device
  • D. XML API’s “InterfaceProfiles/sdwan” parameter on a firewall device
Correct Answer: B

Brave-Dump Clients Votes

B 100%

Comments



Yomna Adel Abdelhameed Mohamed 2025-12-26 19:33:33

Selected Answers: B


n Palo Alto Networks PAN-OS SD-WAN environments, automation and orchestration are key components for service providers managing large-scale deployments. The PAN-OS REST API provides a modern, structured way to programmatically manage configuration objects, including those required for SD-WAN functionality.

When an application is designed to push changes directly to devices (individual firewalls) rather than through a centralized template in Panorama, it must interact with the firewall's local REST API. To successfully create a virtual SD-WAN interface, the application must target the correct resource URI. In the PAN-OS API schema, the logical SD-WAN interface—which groups physical links to enable application-based path selection—is managed via the sdwanInterfaces parameter within the REST API.

It is important to distinguish between the interface itself and the profiles that support it. Option A refers to sdwanInterfaceprofiles, which are the objects used to define the characteristics of a link (such as bandwidth, link type, and monitoring frequency), but not the interface itself. Furthermore, since the scenario specifies making changes "directly to devices," the target must be the firewall rather than Panorama. While Panorama can manage these objects via templates, a direct-to-device automation workflow necessitates using the firewall’s REST API endpoint. Utilizing the REST API over the legacy XML API is the recommended standard for modern integrations due to its ease of use with JSON payloads and alignment with contemporary DevSecOps practices. By using the sdwanInterfaces parameter on the firewall, the MSP application can programmatically bind physical Layer 3 interfaces to the SD-WAN fabric.

Ayesha 2026-01-24 02:38:52

Selected Answers: B


A (Incorrect): Targets Panorama (violates "directly to devices") and targets the Profile (not the Interface).
B (Correct): Targets the Firewall (directly) and uses the correct REST API parameter (sdwanInterfaces) to create the interface.
C (Incorrect): Targets Panorama and uses the XML API format which is less standard for this specific modern SD-WAN automation context compared to the REST examples.
D (Incorrect): InterfaceProfiles/sdwan is not the standard parameter structure for creating the top-level SD-WAN interface object.