ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE4_FGT-6.0 All Questions

View all questions & answers for the NSE4_FGT-6.0 exam
Go to Exam

Exam NSE4_FGT-6.0 topic 1 question 68 discussion

Actual exam question from Fortinet's NSE4_FGT-6.0
Question #: 68
Topic #: 1
[All NSE4_FGT-6.0 Questions]

Examine the exhibit, which contains a virtual IP and firewall policy configuration.



The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address 10.0.1.254/24.
The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address.
Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?

  • A. 10.200.1.10
  • B. Any available IP address in the WAN (port1) subnet 10.200.1.0/24
  • C. 10.200.1.1
  • D. 10.0.1.254
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by DheerajSan at Feb. 16, 2020, 2:14 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Leon2020
Highly Voted 4 years, 10 months ago
I set up the scenario when I enable port forwarding in the vip leaves with the ip associated with the wan interface (10.200.1.1), if I disable port forwarding the outgoing ip is the one associated with the VIP (10.200.1.10) Correct answer C
upvoted 7 times
...
EvanABS
Highly Voted 5 years, 1 month ago
C is correct, The "set nat-source-vip enable" should be applied in the VIP Otherwise, the IP address of the physical interface will be used for NAT https://kb.fortinet.com/kb/documentLink.do?externalID=FD44529
upvoted 6 times
...
SebaAr22
Most Recent 4 years, 3 months ago
C is correct, VIP doesnt affect source nat
upvoted 1 times
...
farmez
4 years, 4 months ago
Answer A FGT 6.4 Security Study guide P158
upvoted 1 times
farmez
4 years, 4 months ago
I did not pay attention at the port forwarding feature Port forwarding is enabled => correct answer is C if port forwarding was disabled => A is the correct answer
upvoted 1 times
...
...
ramzie
4 years, 6 months ago
Answer is B
upvoted 1 times
...
Deep_Purple
4 years, 8 months ago
C https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-firewall/Concepts%20-%20Firewall/Static%20NAT.htm
upvoted 2 times
...
LincDel
4 years, 10 months ago
1- Traffic direction is important. 2- The second policy is related to port forwarding and not NAT. The question is related to source NAT = NAT(Traffic going from Lan(port2) to Wan(port1). In our case the router(fortigate) Wan interface IP will be use to Source Nat the workstation IP.
upvoted 3 times
...
jbernard
4 years, 10 months ago
A is correct, The Exibit shows a VIP from 10.200.0.10 (you can have several IP addresses from your ISP) Static NAT with a port forward, then the 2nd policy Allow traffic from port1 (should say WAN instead of LAN, I think is a trick) to the VIP, so the IP that you need to use to access your web server is 10.200.0.10
upvoted 2 times
...
flohergat
4 years, 10 months ago
C is the correct answer It cannot be the A because the exhibit shows the DNAT and not some one-to-one SNAT
upvoted 2 times
...
Fr4nx
4 years, 11 months ago
A, Nat is enabled on the matching policy, so it won't be the original source interface address.
upvoted 2 times
...
montonearm
5 years, 1 month ago
i think is A
upvoted 3 times
...
DheerajSan
5 years, 2 months ago
C is the correct answer
upvoted 4 times
moler
5 years, 2 months ago
Es A, tiene port forwarding habilitado.
upvoted 6 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago