Basic Concept: Panorama policy hierarchy has a fixed evaluation order: pre-rules first, then local firewall rules, then post-rules, followed by default rules.
Why B is Correct: Local firewall rules are evaluated after Panorama pre-rules and before Panorama post-rules, allowing Panorama to enforce top-level policy while leaving room for local rules.
Why A is Wrong: When a policy match is found in a local firewall policy, if any Panorama shared post-rule is configured, it will still be evaluated. is related to management or logging, but it does not provide the required Panorama operation, rule hierarchy behavior, or dual-log forwarding outcome.
Why C is Wrong: Panorama post-rules can be configured to be evaluated before local firewall policy for the purpose of troubleshooting. is related to management or logging, but it does not provide the required Panorama operation, rule hierarchy behavior, or dual-log forwarding outcome.
Why D is Wrong: The order of policy evaluation can be configured differently in different device groups. is related to management or logging, but it does not provide the required Panorama operation, rule hierarchy behavior, or dual-log forwarding outcome.
Submit