Which two features implement one-to-one translation of a source IP address while allowing the source port to change? (Choose two.)
Which two features implement one-to-one translation of a source IP address while allowing the source port to change? (Choose two.)
Dynamic IP and Static IP both implement one-to-one translation of a source IP address while allowing the source port to change. Dynamic IP involves translating the source IP address to another IP in a defined range, maintaining a one-to-one mapping for the duration of the session. Static IP translation involves mapping a single source address to a specific public address, maintaining the IP translation while allowing flexibility for the port configuration.
DIPP https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-networking-admin/nat/configure-nat/translate-internal-client-ip-addresses-to-your-public-ip-address-source-dipp-nat Fallback Port https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRMCA0
A and C. Both does 1:1 ip translation, allowing source port to change. DIPP is 1:Many
A-C https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/nat/nat-configuration-examples/destination-nat-exampleone-to-one-mappinghttps://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/nat/nat-configuration-examples/destination-nat-exampleone-to-one-mappinghttps://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/nat/nat-configuration-examples/destination-nat-exampleone-to-one-mapping
A. Dynamic IP123 D. Dynamic IP / Port Fallback2 Dynamic IP allows the one-to-one, dynamic translation of a source IP address only (no port number) to the next available address in the NAT address pool123. The size of the NAT pool should be equal to the number of internal hosts that require address translations23. Dynamic IP / Port Fallback is an advanced option in Dynamic IP that enables the use of Dynamic IP and Port (DIPP) addresses when necessary
It's a really trick one!!! Because here in this link, we can see that a 1:1 NAT should be A/C: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhwCAC Dynamic IP: For a given source IP address, the firewall translates the source IP to an IP in the defined pool or range. The mapping is not port based, which makes this a one-to-one mapping as long as the session lasts..... Static IP: Use this translation type to translate a single source address to a specific public address. This is typically used to expose a server (email, web or any application) externally using a translated address that will not change. Use the Static IP mapping type to translate an entire address range to a specific address range, a one-to-one mapping. The number of source IPs using this policy must exactly match the translated range. This is typically used to resolve overlapping IP ranges when merging networks. The policy shown here translates all source addresses with at 10.20.1.x address destined to the Corp Zone to a matching address in the 10.30.1.x range.
From the Palo Alto website: • Dynamic IP/Port (DIPP): used for outbound traffic; multiple clients can use the same public IP address(es) with different source port numbers • Dynamic IP: used for outbound traffic; private source addresses translate to the next available address in a range • Static IP: used for inbound or outbound traffic; can be used to change the source or the destination IP address, with the source or destination port unchanged. When used to map a single public IP address to multiple private servers and services, destination ports can stay the same or be directed to different destination ports.
There is a table at URL below that has a column on whether the source port changes. With DIPP the source port changes and same with Fallback. https://live.paloaltonetworks.com/twzvq79624/attachments/twzvq79624/members_discuss/15121/1/TechNote_UnderstandingNAT.pdf