ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE4_FGT-6.2 All Questions

View all questions & answers for the NSE4_FGT-6.2 exam
Go to Exam

Exam NSE4_FGT-6.2 topic 1 question 34 discussion

Actual exam question from Fortinet's NSE4_FGT-6.2
Question #: 34
Topic #: 1
[All NSE4_FGT-6.2 Questions]

Which two statements about central NAT are true? (Choose two.)

  • A. SNAT using central NAT does not require a central SNAT policy.
  • B. Central NAT can be enabled or disabled from the CLI only.
  • C. IP pool references must be removed from existing firewall policies, before enabling central NAT.
  • D. DNAT using central NAT requires a VIP object as the destination address in a firewall policy.
Show Suggested Answer Hide Answer
Suggested Answer: BC 🗳️
by Jay1982 at Jan. 12, 2021, 12:24 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
MEDO162
3 years, 11 months ago
B and C are correct. FortiGate_Security_6.4 P.164
upvoted 1 times
...
AOC
4 years ago
byc correcto
upvoted 1 times
...
bwman
4 years, 1 month ago
B is correct -> security guide 6.4 p163 C is correct D is incorrect : As soon as a VIP or DNAT rule is created, no need for IPV4 policy. It is implicitely allowed. We can block trafic by adding IPV4 policy
upvoted 1 times
...
NetStef
4 years, 1 month ago
B & C Corect
upvoted 1 times
...
gordonF
4 years, 2 months ago
B is wrong If NGFW mode is policy-based, then it is assumed that central-nat (specifically SNAT) is enabled implicitly. From GUI: Got to System -> Settings, under 'Inspection Mode' select 'Flow-based and under 'NGFW Mode' select 'Profil-based'. From CLI. # Config sys setting set central-nat disable end https://kb.fortinet.com/kb/documentLink.do?externalID=FD49932
upvoted 1 times
petrus28
4 years, 2 months ago
Security_manual-6.2, p.164
upvoted 1 times
...
...
pollyy
4 years, 2 months ago
D is not correct - Security_manual-6.2, p. 167
upvoted 2 times
...
pollyy
4 years, 2 months ago
B & C are correct - Security_manual-6.2, p.164
upvoted 3 times
...
Jay1982
4 years, 3 months ago
B is wrong, Central NAT can be enabled from CLI/GUI
upvoted 1 times
Jay1982
4 years, 3 months ago
When central NAT is enabled in CLI, Policy & Objects displays the Central SNAT section in GUI so B is right.
upvoted 2 times
...
petrus28
4 years, 2 months ago
Security_manual-6.2, p.164
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago