nse4_fgt-72 Exam - Question 102

Question

Refer to the exhibits.

Exhibit A shows a network diagram. Exhibit B shows the central SNAT policy and IP pool configuration.

The WAN (port1) interface has the IP address 10.200.1.1/24.

The LAN (port3) interface has the IP address 10.0.1.254/24.

A firewall policy is configured to allow all destinations from LAN (port3) to WAN (port1).

Central NAT is enabled, so NAT settings from matching central SNAT policies will be applied.

Which IP address will be used to source NAT (SNAT) the traffic, if the user on Local-Client (10.0.1.10) pings the IP address of Remote-FortiGate (10.200.3.1)?

Examice · Accepted Answer

The IP address 10.200.1.99 will be used to source NAT the traffic because the user on Local-Client is pinging, which uses the ICMP protocol. According to Exhibit B, the central SNAT policy for protocol number 1 (ICMP) specifies the translated address as 'SNAT-Remote1,' which corresponds to the external IP range 10.200.1.99.

besi05 · Answer

A is correct , pings is ICMP so protocol 1. Protocol 1 is enabled on access list id 2 which has destination address SNAT-remote 1

Halmonte0780 · Answer

It's A because of the protocol number.
Ping = icmp

Ping is ICMP protocol - protocol number = 1
=> SNAT policy ID 1 is policy that used.
=> Translated address is "SNAT-Remote1" that 10.200.1.99

D1360_1304 · Answer

A. Correct - is for ICMP
B. Incorrect -
C.  Incorrect - is for TCP protocol
D. Incorrect - is for IGMP protocol

Takumi · Answer

The real answer es A

Takumi · Answer

The answer is D

raydel92 · Answer

A. 10.200.1.99

Reference and download study guide:
https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html

Jumpy007 · Answer

Protocol number 1	ICMP	Internet Control Message Protocol
https://www.fortinetguru.com/2018/12/protocol-number/

darkdante24 · Answer

A is correct, look at the pictures carefully they have made it complicated on purpose.

nse4_fgt-72 Exam - Question 102

Discussion