Exam PCNSE
Question 42

An administrator wants multiple web servers in the DMZ to receive connections initiated from the internet. Traffic destined for 206.15.22.9 port 80/TCP needs to be forwarded to the server at 10.1.1.22.

Based on the information shown in the image, which NAT rule will forward web-browsing traffic correctly?

A.

B.

C.

D.

Correct Answer:

The correct NAT rule to forward web-browsing traffic from the internet to the server at 10.1.1.22 is option C. In option C, the source IP is set to any, and the destination IP is the external IP address 206.15.22.9. The source zone is Internet, because the traffic comes from the internet. The destination zone is also Internet, which is correct for a NAT rule because the rule is matched against the interface the packet is addressed to before translation. The destination service is set to 80/TCP, the standard port for web traffic. The action is destination NAT, which translates the external IP to an internal IP. The translated IP is correctly set to 10.1.1.22, and no translated port is specified, which is appropriate because the port number typically stays the same in such configurations.
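The zone logic in the explanation above can be checked with a small model. This is an added example, not part of the original question and not Palo Alto code: it assumes a constructed route table (10.1.1.0/24 behind the DMZ zone, everything else via the Internet zone) and hypothetical rule names, and it generalizes the explanation slightly by also showing which destination zone the security policy then sees.

```python
import ipaddress

# Constructed routing view (assumption): DMZ subnet behind one interface,
# everything else, including 206.15.22.9, reached via the Internet-zone interface.
ROUTES = [("10.1.1.0/24", "DMZ"), ("0.0.0.0/0", "Internet")]

# The two candidate rule shapes debated on this page; rule names are hypothetical.
RULE_DST_INTERNET = {"name": "dst-zone-internet", "from": "Internet", "to": "Internet",
                     "dst": "206.15.22.9", "port": 80, "translate_to": "10.1.1.22"}
RULE_DST_DMZ = dict(RULE_DST_INTERNET, name="dst-zone-dmz", to="DMZ")


def zone_for(ip):
    """Longest-prefix route lookup returning the egress zone for an address."""
    addr = ipaddress.ip_address(ip)
    nets = [(ipaddress.ip_network(n), z) for n, z in ROUTES]
    matches = [(n.prefixlen, z) for n, z in nets if addr in n]
    return max(matches)[1]


def process(packet, nat_rules):
    """Return (matched NAT rule name, final dst IP, security-policy dst zone)."""
    src_zone = packet["ingress_zone"]
    # Step 1: NAT lookup uses the zone of the ORIGINAL (pre-NAT) destination.
    pre_nat_zone = zone_for(packet["dst"])
    final_dst, matched = packet["dst"], None
    for rule in nat_rules:
        if (rule["from"], rule["to"], rule["dst"], rule["port"]) == \
           (src_zone, pre_nat_zone, packet["dst"], packet["dport"]):
            final_dst, matched = rule["translate_to"], rule["name"]
            break
    # Step 2: the security policy sees the zone of the TRANSLATED destination.
    return matched, final_dst, zone_for(final_dst)


PACKET = {"ingress_zone": "Internet", "dst": "206.15.22.9", "dport": 80}  # constructed

if __name__ == "__main__":
    for rule in (RULE_DST_INTERNET, RULE_DST_DMZ):
        print(rule["name"], "->", process(PACKET, [rule]))
```

In this model the rule with destination zone DMZ never matches, so the packet keeps its public destination, while the rule with destination zone Internet translates it and the security policy then evaluates the flow as Internet to DMZ.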

Discussion
UFanat

C is correct. You should distinguish questions for NAT and security rules (the only difference is in the destination zone: Internet for NAT rules and DMZ for policy rules).

GheeHong

Ya, C is correct.

Pakawat

Yes, it is C; this is a NAT rule, not a security rule.

Kane002

C. NAT zones are just whatever interface traffic is going to. The source (the big cloud internet) is obviously internet, and the destination zone is the internet-facing interface of the firewall, so the destination is also internet. It then is translated into an IP that the internal network can read.

Jared28

C - Based on live production use - Those thinking it is D, if it were not DNAT to a specific port (but all ports), this would be correct (dest zone of the device). However, since a dest svc is specified, it's only translating specific port(s), the destination zone would still be Internet.

Pallab_Kundu

Correct Answer is D

DatITGuyTho1337

No, correct answer is C. :)

HB1989

Looks like it's D, because the destination IP 10.1.1.22 is located in zone DMZ, traffic flow = internet (zone) > DMZ (zone).

HB1989

After some tests, C is correct.

frodo1791

Correct answer is C.

juli_AZ_900

The answer is D

foromi

The answer is incorrect, because this is a NAT rule and cannot be the DMZ. The correct answer is C.

juli_AZ_900

The correct answer is C

vj77

D is not correct since the NAT zone should be internet to internet; NOT DMZ

bing2021

C is correct; the NAT rule interface is before translation, and there is another translation section.

Marshpillowz

C is the correct answer

evdw

Correct answer : C