nse4_fgt-72 Exam QuestionsBrowse all questions from this exam

nse4_fgt-72 Exam - Question 93

Refer to the exhibit.

The exhibit shows a diagram of a FortiGate device connected to the network and the firewall policy and IP pool configuration on the FortiGate device.

Two PCs, PC1 and PC2, are connected behind FortiGate and can access the internet successfully. However, when the administrator adds a third PC to the network (PC3), the PC cannot connect to the internet.

Based on the information shown in the exhibit, which three configuration changes should the administrator make to fix the connectivity issue for PC3? (Choose three.)

In the IP pool configuration, set type to overload.

Configure 192.2.0.12/24 as the secondary IP address on port1.

In the firewall policy configuration, disable ippool.

In the IP pool configuration, set endip to 192.2.0.12.

Configure another firewall policy that matches only the address of PC3 as source, and then place the policy on top of the list.

Show Answer

Correct Answer: ACDE

The issue with PC3's connectivity is related to the IP pool and firewall policy configurations. First, setting the IP pool type to overload (option A) allows multiple internal IPs to share a single external IP address, which could resolve the problem if the one-to-one mapping isn't sufficient. Second, disabling the ippool in the firewall policy configuration (option C) will use the default NAT behavior, which is typically overload. Lastly, expanding the range of the IP pool by setting the end IP to 192.2.0.12 (option D) can allow more internal IP addresses to be mapped to external IPs, providing internet connectivity to all three PCs. Therefore, the three configuration changes that should be made are setting the IP pool type to overload, disabling ippool in the firewall policy, and expanding the IP pool range.

Discussion

13 comments

GANGA2021Options: ACD

Jul 17, 2023

D: If we disable Ippool via cli, the default will be overload. E: we create a new firewall policy but don't say anything about enable NAT, so this will fail.

GANGA2021

Jul 18, 2023

I mean C disable ippool, A and D

itmaxuser

Jul 15, 2023

D only will work by iteself, dunno why we have to select three things

rian00z_Options: ACD

Aug 20, 2023

Correct answers: ACD

raydel92Options: ACD

Sep 14, 2023

Reference and download study guide: https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html

TakumiOptions: ACD

Jul 18, 2023

The answer are A, C and D

NiciExamOptions: ACD

Jul 19, 2023

A, C and D is correct

e359166Options: ACD

Jul 26, 2023

The three fix options are A, C, and D E is incorrect

krisu96Options: ACD

Jul 27, 2023

A,C and D right anserws

D1360_1304Options: ACD

Aug 9, 2023

A, C and D are correct.

itzuy06Options: ADE

Sep 30, 2023

Correct Answer: ADE

PiotrSwiOptions: ACD

Oct 23, 2023

ACD it is.

GeniusAOptions: ACD

Dec 26, 2023

ACD is the ideal response

Lionel_P37Options: ADE

Apr 23, 2024

I don't understand why E wouldn't work.