ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam FCP_FGT_AD-7.4 All Questions

View all questions & answers for the FCP_FGT_AD-7.4 exam
Go to Exam

Exam FCP_FGT_AD-7.4 topic 1 question 89 discussion

Actual exam question from Fortinet's FCP_FGT_AD-7.4
Question #: 89
Topic #: 1
[All FCP_FGT_AD-7.4 Questions]

Refer to the exhibits.









The exhibits show a diagram of a FortiGate device connected to the network, VIP configuration, firewall policy, and the sniffer CLI output on the FortiGate device.

The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.

The webserver host (10.0.1.10) must use its VIP external IP address as the source NAT (SNAT) when it pings remote server (10.200.3.1).

Which two statements are valid to achieve this goal? (Choose two.)

  • A. Create a new firewall policy before Internet_Access for the webserver and apply the IP pool.
  • B. Disable port forwarding on the VIP object.
  • C. Enable NAT on the Allow_access firewall policy.
  • D. Disable NAT on the Internet_Access firewall policy.
Show Suggested Answer Hide Answer
Suggested Answer: AB 🗳️
by megordillo at Jan. 26, 2025, 10:48 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AElayan
2 weeks, 6 days ago
Selected Answer: AB
Tricky !!! A: Add a new rule and choose ping in the service field and use the IP pool 10.200.1.200-10.200.1.200 B: No sure about this one, since it is a WebServer! But Disabling the port forwarding would also do the job as well C: Wrong! Not going to work since the services selected are 80 and 443. We need ping/ICMP D: Wrong! That will stop the communication at all
upvoted 1 times
...
tharindas
3 weeks, 6 days ago
Correct answers are A, B
upvoted 1 times
...
herlock_sholmes_2810
1 month, 4 weeks ago
Selected Answer: AB
Como estamos especificando um port forwarding no VIP, o SNAT só vai assumir o IP de DNAT quando for para a porta especificada no Port Forwarding, então a opção é usar um IP pool, ou retirar o port forwarding (dessa forma irá funcionar para todas portas e protocolos, inclusive icmp)
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago