Which Zone Pair and Rule Type will allow a successful connection for a user on the Internet zone to a web server hosted on the DMZ zone? The web server is reachable using a Destination NAT policy in the Palo Alto Networks firewall. A. B. C. D.
Yes answer will be B, but the zone is correct DMZ is the post-nat destination zone;
the NAT rule will look like this:
source zone: Internet
destination zone: Internet
destination IP: public IP
destination translation: internal IP
the SEC rule will look like this:
source zone: Internet
destination zone: DMZ (post-NAT)
destination IP: Public IP (pre-NAT)
Which will make the traffic interzone.
Tip:
interzone vs intrazone -- I think of internet (global) vs intranet (local)
found it: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClomCAC
By default, all the traffic destined between two zones, regardless of being from the same zone or different zone, this applies the rule to all matching interzone and intrazone traffic in the specified source and destination zones.
upvoted 3 times
...
...
This section is not available anymore. Please use the main Exam Page.PCNSE Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
kraut
Highly Voted 3 years, 6 months agomtberdaan
3 years, 4 months agoketo3812
Highly Voted 3 years, 7 months agokraut
3 years, 6 months agovj77
3 years, 6 months agolildevil
1 year, 4 months agoMarshpillowz
Most Recent 9 months, 2 weeks agoDenskyDen
1 year, 9 months agoTAKUM1y
2 years, 1 month agoGivemeMoney
2 years, 9 months agoGivemeMoney
2 years, 9 months ago