Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Fortinet Discussions

Exam NSE4_FGT-6.2 topic 1 question 64 discussion

Actual exam question from Fortinet's NSE4_FGT-6.2
Question #: 64
Topic #: 1
[All NSE4_FGT-6.2 Questions]

Refer to the exhibits.



The exhibits contain a network diagram and virtual IP and firewall policy configuration.
The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address 10.0.1.254/24.
The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/32?

  • A. Any available IP address in the WAN (port1) subnet 10.200.1.0/24
  • B. 10.200.1.10
  • C. 10.200.1.1
  • D. 10.0.1.254
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by variaj8 at Jan. 2, 2021, 7:35 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
variaj8
Highly Voted 3 years, 3 months ago
The answer is C
upvoted 15 times
...
SebaAr22
Highly Voted 3 years, 3 months ago
C is correct, VIP doesnt affect SNAT
upvoted 10 times
salon442
2 years, 11 months ago
no its b..i have tested in lab
upvoted 2 times
...
...
salon442
Most Recent 2 years, 11 months ago
ans is b ..i have tested in lab..if port forwarding is disable then vip external ip..if port forwarding is enable the wan int ip
upvoted 4 times
...
nilkanthy
3 years ago
Correct answer is B 10.200.1.10 As port forwarding is disable it will take VIP external IP address if port forwarding is enable then it will take WAN interface IP address, in this case it will be 10.200.1.1. I have tested in my LAB.
upvoted 3 times
...
brunojlm88
3 years ago
Answer is B, Destination NAT static takes precedence of nat enabled on this policy.
upvoted 1 times
...
cmsniv
3 years ago
Guys, you are missing the point that this is a stateful Firewall. It matters in which direction the connection is established. In this case from LAN(port2) to WAN(port1). So the Firewall Policy ID 1 matches and has NAT Enabled. in this view we are unable to look at the adress configured for NAT. It could be the interface adress shown above in the network topology, 10.200.1.1 or it could be the IP from the virtual IP Setup. In this virtual IP Setup the IP 10.200.1.10 is assigned for being used for Destination NAT from WAN (port1) to LAN (port2). 10.200.1.10 is in the same subnet like the interface adress 10.200.1.1. So the source could be 10.200.1.1, which will be the first adress allocated. it could also be any other allocated IP adress in that subnet. We already know one additional adress. So Answer A is the correct one.
upvoted 1 times
...
Katorcio
3 years, 1 month ago
I agree with ccsa_ccse! The correct answer is B in this case.
upvoted 2 times
...
ccsa_ccse
3 years, 1 month ago
The correct answer for this is B because the port forwarding is disabled so the reciprocity still exists.
upvoted 3 times
...
petrus28
3 years, 1 month ago
The answer to this one is B because Port Forwarding is disabled. If Port Forwarding was enabled, it would be C.
upvoted 4 times
...
NETeng01
3 years, 3 months ago
correct is B because the port forwarding is desable if the port forwarding is enable then the answer will be C
upvoted 5 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel