A company wants to install a PA-3060 firewall between two core switches on a VLAN trunk link. They need to assign each VLAN to its own zone and assign untagged (native) traffic to its own zone.Which option differentiates multiple VLANs into separate zones?
Question:
Which option differentiates multiple VLANs into separate zones?
Options:
Create V-Wire objects with two V-Wire interfaces and define a range of “0-4096″ in the “Tag Allowed” field of the V-Wire object.
Create V-Wire objects with two V-Wire subinterfaces and assign only a single VLAN ID to the Tag Allowed” field of the V-Wire object. Repeat for every additional VLAN and use a VLAN ID of 0 for untagged traffic. Assign each iinterface/sub interface to a unique zone.
Create Layer 3 subinterfaces that are each assigned tA. single VLAN ID and a common virtual router. The physical Layer 3 interface would handle untagged traffic. Assign each interface/subinterface tA. unique zone. Do not assign any interface an IP address.
Create VLAN objects for each VLAN and assign VLAN interfaces matching each VLAN I Repeat for every additional VLAN and use a VLAN ID of 0 for untagged traffic. Assign each interface/sub interface to a unique zone.
Correct Answer
The Correct Answer for this Question is
Create Layer 3 subinterfaces that are each assigned tA. single VLAN ID and a common virtual router. The physical Layer 3 interface would handle untagged traffic. Assign each interface/subinterface tA. unique zone. Do not assign any interface an IP address.
