Exam4Training

Which setting should be changed on the Palo Alto Firewall to resolve this error message?

After migrating from an ASA firewall, the VPN connection between a remote network and the Palo Alto Networks firewall is not establishing correctly. The following entry is appearing in the logs: pfs group mismatched: my:0 peer:2

Which setting should be changed on the Palo Alto Firewall to resolve this error message?
A . Update the IPSEC Crypto profile for the Vendor IPSec Tunnel from group2 to no-pfs.
B . Update the IKE Crypto profile for the Vendor IKE gateway from no-pfs to group2.
C . Update the IPSEC Crypto profile for the Vendor IPSec Tunnel from no-pfs to group2.
D . Update the IKE Crypto profile for the Vendor IKE gateway from group2 to no-pfs.

Answer: C

Explanation:

Reference: https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/vpns/interpret-vpn-error­messages.html

Latest PCNSE6 Dumps Valid Version with 153 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Exit mobile version