
PCNSA Exam - Question 167


Refer to the exhibit. An administrator is using DNAT to map two servers to a single public IP address. Traffic will be steered to the specific server based on the application, where Host A (10.1.1.100) receives HTTP traffic and Host B (10.1.1.101) receives SSH traffic.

Which two Security policy rules will accomplish this configuration? (Choose two.)

Correct Answer: AE

For the configuration described, which directs HTTP traffic to Host A (10.1.1.100) and SSH traffic to Host B (10.1.1.101), the correct security policy rules need to match the destination addresses post-NAT and the appropriate ports for the services. Traffic directed to Host A using HTTP should allow web-browsing to 1.1.1.100 post-NAT, hence the rule Untrust to DMZ (1.1.1.100), web-browsing - Allow is correct. Similarly, for Host B, allowing ssh traffic to 1.1.1.100 post-NAT matches the rule Untrust to DMZ (1.1.1.100), ssh - Allow. These ensure the correct mapping and security policy for both types of traffic via Destination NAT.

Discussion

6 comments
DlaEdu_Ex (Options: AE)
Jul 3, 2023

To define Destination, Security policy uses Post-NAT zone and Pre-NAT address.

skaez (Options: DE)
Jun 25, 2023

If we check DNAT, HTTP is for 1.1.1.100, so answer E. And answer E is for the 2 DNAT and correct ports.

Oteslar (Options: AE)
Dec 13, 2022

A and E are correct answers.

blahblah1234567890000
Jan 18, 2023

I don't understand how A could possibly be correct since the other server is supposed to get the SSH traffic.

blahblah1234567890000
Jan 18, 2023

Never mind, I misread the IP.

ntir (Options: AE)
Feb 15, 2023

A and E

blu_gandalf (Options: DE)
May 16, 2023

I think it's D, E.

blu_gandalf
May 16, 2023

I was wrong, sorry.

Janhattal (Options: AE)
Jun 22, 2024

A, E are correct