Exam NSE4_FGT-7.0 topic 1 question 21 discussion

Actual exam question from Fortinet's NSE4_FGT-7.0
Question #: 21
Topic #: 1

Refer to the exhibit, which contains a session list output.

Based on the information shown in the exhibit, which statement is true?

  • A. One-to-one NAT IP pool is used in the firewall policy.
  • B. Destination NAT is disabled in the firewall policy.
  • C. Port block allocation IP pool is used in the firewall policy.
  • D. Overload NAT IP pool is used in the firewall policy.
Suggested Answer: A

Comments

warlusontheweb
1 year ago
Actually, this question appears very strange to me. Answers A, C, D have the same session table as the one shown; it is not possible to say one-to-one so easily, since you can configure SNAT overload with preserve source port. One thing: no destination NAT IP is shown, this means any VIP is configured in the firewall policy and this means something is "disabled" in such policy, even if I admit it is a bit of a stretched thought.
upvoted 1 times
...
ml1190
1 year, 2 months ago
Since all packets have the same source IP (10.0.1.10), one-to-one NAT should behave the same as an overload pool since there's no need to apply PAT or share the pool. I think the only fact we're sure about is that there is no DNAT...
upvoted 1 times
...
raydel92
1 year, 3 months ago
Selected Answer: A
A. One-to-one NAT IP pool is used in the firewall policy. Reference and download study guide: https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html
upvoted 1 times
...
Valebino
1 year, 9 months ago
Selected Answer: A
A "one-to-one" is correct, see FortiGate Security 7.0 Study Guide P.164 "In one-to-one NAT, PAT is not required. Same source port is shown for both the ingress and egress address called also a single mapping of an internal to an external address"
upvoted 1 times
...
majidsheik23
1 year, 10 months ago
I tested this now in the firewall. Both A and C are correct. They show similar output when I checked the session table. Always do the lab and verify.
upvoted 1 times
darkdante24
10 months, 3 weeks ago
A and C would have been correct only if the port of the source remained the same through the HTTP and HTTPS connection.
upvoted 1 times
...
...
ABELQF6
1 year, 11 months ago
Selected Answer: A
A ......
upvoted 1 times
...
darkspawn117
2 years, 1 month ago
I may be missing something? Wouldn't it be Overload because of the numerous ports used in Source-NAT?
upvoted 4 times
...
PonPom3
2 years, 1 month ago
Selected Answer: A
Fortigate Security 7.0 Page 164
upvoted 2 times
Virutas
2 years ago
In the one-to-one pool type, an internal IP address is mapped with an external address on a first-come, first-served basis. There is a single mapping of an internal address to an external address. Mappings are not fixed and, if there are no more addresses available, a connection will be refused. Also, in one-to-one, PAT is not required. In the example on this slide, you can see the same source port is shown for both the ingress and egress address.
upvoted 2 times
...
...
El3den
2 years, 2 months ago
Is this correct?
upvoted 1 times
AngraMainyu
2 years, 2 months ago
Yes, the port translation shows it's not PAT, therefore it's one to one
upvoted 1 times
...
...
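
The session-table check the comments above argue about, as an added example that is not part of the original page or of any commenter's post: it parses session list text and reports, per internal address, which external addresses were used, whether source NAT kept the source port, and whether any destination NAT appears. The six-column layout follows `get system session list`; the sample rows are constructed and are not the exhibit.

```python
import re
from collections import defaultdict

# Constructed sample in the column layout of `get system session list`;
# addresses and ports are made up for illustration, not taken from the exhibit.
SAMPLE = """\
PROTO   EXPIRE SOURCE            SOURCE-NAT        DESTINATION       DESTINATION-NAT
tcp     3598   10.0.1.10:2706    10.200.1.6:2706   10.200.1.254:80   -
tcp     3598   10.0.1.10:2704    10.200.1.6:2704   10.200.1.254:80   -
tcp     3596   10.0.1.10:2702    10.200.1.6:2702   10.200.1.254:443  -
udp     178    10.0.1.20:5001    10.200.1.7:60418  10.200.1.254:53   -
"""

ENDPOINT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d+)$")

def parse_endpoint(field):
    """Return (ip, port) for 'a.b.c.d:port', or None for '-' or anything else."""
    m = ENDPOINT.match(field)
    return (m.group(1), int(m.group(2))) if m else None

def parse_sessions(text):
    sessions = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 6 or cols[0] == "PROTO":
            continue  # skip header, blank and malformed lines
        src, snat, dst, dnat = map(parse_endpoint, cols[2:6])
        if src and dst:
            sessions.append({"proto": cols[0], "src": src, "snat": snat,
                             "dst": dst, "dnat": dnat})
    return sessions

def summarize(sessions):
    """Per internal IP: external IPs seen, port preservation, and DNAT presence."""
    out = defaultdict(lambda: {"external": set(), "port_preserved": True, "dnat": False})
    for s in sessions:
        entry = out[s["src"][0]]
        if s["snat"]:  # sessions without SNAT do not affect port_preserved
            entry["external"].add(s["snat"][0])
            entry["port_preserved"] &= s["snat"][1] == s["src"][1]
        entry["dnat"] |= s["dnat"] is not None
    return dict(out)

if __name__ == "__main__":
    for ip, info in summarize(parse_sessions(SAMPLE)).items():
        print(ip, sorted(info["external"]), "port preserved:", info["port_preserved"],
              "DNAT seen:", info["dnat"])
```

Preserved source ports and a single external address per internal host match the one-to-one description quoted in the thread; as several commenters note, the same table can appear with other pool types, so the script reports observations rather than naming the pool type.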
Community vote distribution
A (35%)
C (25%)
B (20%)
Other