An NGFW engineer is configuring multiple Layer 2 interfaces on a Palo Alto Networks firewall, and all interfaces must be assigned to the same VLAN. During initial testing, it is reported that clients located behind the various interfaces cannot communicate with each other. Which action taken by the engineer will resolve this issue? (Choose one answer)

A. Configure each interface to belong to the same Layer 2 zone and enable IP routing between them.
B. Assign each interface to the appropriate Layer 2 zone and configure a policy that allows traffic within the VLAN.
C. Assign each interface to the appropriate Layer 2 zone and configure Security policies for interfaces not assigned to the same zone.
D. Enable IP routing between the interfaces and configure a Security policy to allow traffic between interfaces within the VLAN.

Correct Answer: C

Brave-Dump Clients Votes

C 100%

Comments

Ayesha 2026-01-24 06:31:28

Selected Answers: C

correct answer is "C"

The problem states that clients cannot communicate. This implies that while the switching (VLAN) is configured, the security logic is blocking the traffic. This typically happens when interfaces are assigned to different Layer 2 zones (e.g., L2-Trust and L2-Guest) but no Security Policy exists to authorize the traffic flow between them.

To fix this, you must:
Assign the interfaces to zones (required for any traffic processing).
Configure Security Policies specifically for the traffic crossing between those different zones (Interzone traffic).