New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Palo Alto Networks PSE-SoftwareFirewall Exam - Topic 3 Question 32 Discussion

Actual exam question for Palo Alto Networks's PSE-SoftwareFirewall exam
Question #: 32
Topic #: 3
[All PSE-SoftwareFirewall Questions]

A customer in a VMware ESXi environment wants to add a VM-Series firewall and partition an existing group of virtual machines (VMs) in the same subnet into two groups. One group requires no additional security, but the second group requires substantially more security.

How can this partition be accomplished without editing the IP addresses or the default gateways of any of the guest VMs?

Show Suggested Answer Hide Answer
Suggested Answer: B

Creating a New Virtual Switch:

By creating a new virtual switch, you can segment the network within the ESXi environment. The VM-Series firewall can then be used to provide security controls between these virtual switches using virtual wire mode.


Palo Alto Networks VM-Series Deployment Guide

Moving Guests to New Virtual Switch:

Guests requiring additional security are moved to the new virtual switch, allowing the VM-Series firewall to inspect and control traffic between the switches. This setup does not necessitate changes to the existing IP addresses or default gateways of the VMs.

Palo Alto Networks VM-Series Virtual Wire Mode

by Alesia at Nov 23, 2025, 03:02 AM

Limited Time Offer

25%

Off

Get Premium PSE-SoftwareFirewall Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Kris
1 day ago
I disagree, option C seems more secure by using a hardware firewall.
upvoted 0 times
...
Louann
6 days ago
Option B is the way to go! Virtual wire mode is perfect for this.
upvoted 0 times
...
Penney
12 days ago
Proxy ARP? What is this, the 90s? Option B is the clear winner here. Gotta love those virtual switches.
upvoted 0 times
...
Tula
17 days ago
Option B is the way to go, no doubt. Keeping everything contained in the virtual environment is the most elegant solution.
upvoted 0 times
...
Mari
22 days ago
C seems like it could work, but I'm not sure I'd want to send the VLAN out to a hardware firewall if I could handle it all within the virtual environment.
upvoted 0 times
...
Nickole
27 days ago
Haha, editing the IP addresses of all the VMs? That's a hard pass. Option B is definitely the way to go here.
upvoted 0 times
...
Tamar
1 month ago
D is an interesting option, but I'm not sure how the proxy ARP would work in this scenario. Might be a bit more complex than the virtual switch approach.
upvoted 0 times
...
Edwin
1 month ago
Option B seems like the way to go. Separating the VMs into different virtual switches and using the VM-Series firewall to secure the more sensitive group sounds like a clean solution.
upvoted 0 times
...
Theodora
1 month ago
I recall that VLANs can help with segmentation, but I'm not sure if sending traffic to a hardware firewall is the best approach here.
upvoted 0 times
...
Tu
2 months ago
I'm a bit confused about the Layer 3 interface option. I feel like we covered that, but it seems like it could complicate things unnecessarily.
upvoted 0 times
...
Melissa
2 months ago
I think option B sounds familiar. We practiced something similar where we had to separate traffic using virtual wire mode.
upvoted 0 times
...
Valentin
2 months ago
I'm pretty confident I know how to solve this. Option D is the way to go - create a Layer 3 interface in the same subnet and use proxy ARP. That way you can partition the VMs without changing anything on their end. Seems like the most straightforward approach to me.
upvoted 0 times
...
Gaynell
2 months ago
I think option B is the best choice. It keeps the IPs intact.
upvoted 0 times
...
Rosann
2 months ago
Hmm, I'm not sure about that. Option C seems interesting - sending the VLAN out to a hardware firewall and using the same IP as the old gateway. That might be a good way to add the extra security without disrupting the VMs. I'll have to look into that one more.
upvoted 0 times
...
Herschel
2 months ago
I remember we discussed using virtual switches in class, but I'm not entirely sure how the VM-Series firewall fits into that.
upvoted 0 times
...
Alverta
3 months ago
Option C seems complicated. Why involve hardware?
upvoted 0 times
...
Bettyann
3 months ago
Okay, I think I've got this. Option B looks like the way to go - create a new virtual switch and use the VM-Series firewall to separate the VMs that need more security. That way we don't have to mess with the IP addresses or gateways. Seems like the cleanest solution.
upvoted 0 times
...
Margart
3 months ago
I'm a bit confused by this question. It seems like we need to partition the VMs without changing their IP addresses or default gateways, but I'm not sure how to do that. I'll have to think through the options carefully.
upvoted 0 times
Viola
3 months ago
I’m leaning towards option D. ARP could help without changing IPs.
upvoted 0 times
...
...

Save Cancel