Exam 156-215.80 topic 1 question 185 discussion

Actual exam question from Checkpoint's 156-215.80
Question #: 185
Topic #: 1

Can a Check Point gateway translate both source IP address and destination IP address in a given packet?

  • A. Yes.
  • B. No.
  • C. Yes, but only when using Automatic NAT.
  • D. Yes, but only when using Manual NAT.
Suggested Answer: A

Comments

Kurp
Highly Voted 2 years, 9 months ago
A is the correct answer.

When using automatic NAT, the firewall inspects the NAT table twice, once for automatic NAT source and once for automatic NAT destination.

Easy to test: create one object on either side of the gateway, a client 172.16.0.250 auto NAT 192.168.0.111 and a server 192.168.0.1 auto NAT 172.16.0.111. Access the server from the client using its auto NAT address. You will see two translations under NAT rule number and additional NAT rule number.

Logs attached:

Source: 172.16.0.250
Source Port: 51518
Destination: 172.16.0.111
Destination Port: 80
IP Protocol: 6
Xlate (NAT) Source IP: 192.168.0.111
Xlate (NAT) Destination IP: 192.168.0.1
Xlate (NAT) Source Port: 0
Xlate (NAT) Destination Port: 0
NAT Rule Number: 3
NAT Additional Rule Number: 6
Action: Accept
Type: Connection
Policy Name: LAB-FW01-FW03-Policy
upvoted 8 times
...
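An added example, not part of the comment above or of any Check Point tooling: a small parser for a log record in the `Key: value` form quoted in that comment, reporting whether the source, the destination, or both were translated and which NAT rules matched. Treating a missing or all-zero Xlate field as "not translated" is an assumption.

```python
import ipaddress
import re

# Field names exactly as they appear in the log pasted in the comment above.
FIELDS = [
    "Source", "Source Port", "Destination", "Destination Port", "IP Protocol",
    "Xlate (NAT) Source IP", "Xlate (NAT) Destination IP",
    "Xlate (NAT) Source Port", "Xlate (NAT) Destination Port",
    "NAT Rule Number", "NAT Additional Rule Number",
    "Action", "Type", "Policy Name",
]
_KEYS = "|".join(re.escape(k) for k in sorted(FIELDS, key=len, reverse=True))
_KEY_RE = re.compile(rf"(?<!\S)({_KEYS}):\s*")

# The record from the comment, flattened onto one line as it was posted.
SAMPLE = (
    "Source: 172.16.0.250 Source Port: 51518 Destination: 172.16.0.111 "
    "Destination Port: 80 IP Protocol: 6 Xlate (NAT) Source IP: 192.168.0.111 "
    "Xlate (NAT) Destination IP: 192.168.0.1 Xlate (NAT) Source Port: 0 "
    "Xlate (NAT) Destination Port:0 NAT Rule Number: 3 "
    "NAT Additional Rule Number: 6 Action: Accept Type: Connection "
    "Policy Name: LAB-FW01-FW03-Policy"
)

def parse_record(text):
    """Split a flattened 'Key: value Key: value' record into a dict."""
    hits = list(_KEY_RE.finditer(text))
    rec = {}
    for hit, nxt in zip(hits, hits[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        rec[hit.group(1)] = text[hit.end():end].strip()
    return rec

def nat_summary(rec):
    """Report which side(s) of the connection were translated, and by which rules."""
    def changed(orig, xlate):
        new = rec.get(xlate, "")
        # Assumption: a missing or all-zero Xlate field means "not translated".
        if new in ("", "0", "0.0.0.0"):
            return False
        return ipaddress.ip_address(new) != ipaddress.ip_address(rec[orig])
    sides = [name for name, o, x in (
        ("source", "Source", "Xlate (NAT) Source IP"),
        ("destination", "Destination", "Xlate (NAT) Destination IP"),
    ) if changed(o, x)]
    rules = [rec[k] for k in ("NAT Rule Number", "NAT Additional Rule Number")
             if rec.get(k)]
    return {"translated": "+".join(sides) or "none", "nat_rules": rules}

if __name__ == "__main__":
    print(nat_summary(parse_record(SAMPLE)))
```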
Hernan_Mella
Most Recent 6 months, 3 weeks ago
https://community.checkpoint.com/t5/General-Topics/What-are-to-the-point-differences-between-Automatic-Manual-NAT/td-p/31229#
upvoted 1 times
...
djreymix
1 year, 6 months ago
D is correct
upvoted 2 times
...
DS007
1 year, 11 months ago
The question would be then, under what circumstances this would be possible but without using Manual NAT (for A to be valid)?
upvoted 2 times
...
nariman93
2 years, 3 months ago
D

https://sc1.checkpoint.com/documents/R80.20_M1/WebAdminGuides/EN/CP_R80.20_M1_SecurityManagement_AdminGuide/html_frameset.htm?topic=documents/R80.20_M1/WebAdminGuides/EN/CP_R80.20_M1_SecurityManagement_AdminGuide/94349

Enabling Manual NAT

For some deployments, it is necessary to manually define the NAT rules. Create SmartConsole objects that use the valid (NATed) IP addresses. Create NAT rules to translate the original IP addresses of the objects to valid IP addresses. Then configure the Firewall Rule Base to allow traffic to the applicable translated objects with these valid IP addresses.

Note - For manual NAT rules, it is necessary to configure Proxy ARP entries to associate the translated IP address.

These are some situations that must use manual NAT rules:

  • Rules that are restricted to specified destination IP addresses and to specified source IP addresses
  • Translate both source and destination IP addresses in the same packet.
  • Static NAT in only one direction
  • Translate services (destination ports)
  • Rules that only use specified services (ports)
  • Translate IP addresses for dynamic objects
upvoted 4 times
...
Snir
2 years, 5 months ago
Definitely D!
upvoted 1 times
...
[Removed]
2 years, 10 months ago
D would be the right answer as it works in Manual NAT for both source and destination.
upvoted 3 times
...
C4rlos
2 years, 10 months ago
How about D? It is not possible to translate both, source and destination using automated NAT
upvoted 4 times
C4rlos
2 years, 9 months ago
This part is from the CCSA course book: Manual NAT rules offer flexibility because they allow the translation of both the source and destination of the packet and allow the translation of services. Manual NAT is discussed in greater detail in the CCSE course. So D is the best answer.
upvoted 4 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other