A network administrator is establishing a site-to-site VPN between a Palo Alto Networks firewall and a partner's Check Point Security Gateway. The partner has provided a specific list of local and remote IP address subnets that are permitted through the tunnel. The initial tunnel configuration on the PAN-OS firewall fails during the IKE Phase 2 exchange.
Which configuration step is essential to ensure compatibility with the policy-based Check Point gateway?
Which two zone types are valid when configuring a new security zone? (Choose two.)
When considering the various methods for User-ID to learn user-to-IP address mappings, which source is considered the most accurate due to the mapping being explicitly created through an authentication event directly with the firewall?
A network security engineer wants to create Security policy rules that allow or deny traffic based on a user's department, which corresponds to groups in the company's Active Directory. To achieve this, the firewall needs to retrieve group information from the directory server.
Which configuration object must be created first to establish the connection with the Active Directory server?