Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Fortinet Discussions

Exam NSE4_FGT-6.4 topic 1 question 77 discussion

Actual exam question from Fortinet's NSE4_FGT-6.4
Question #: 77
Topic #: 1
[All NSE4_FGT-6.4 Questions]

Refer to the exhibit, which contains a session list output.

Based on the information shown in the exhibit, which statement is true?

  • A. Port block allocation IP pool is used in the firewall policy
  • B. Destination NAT is disabled in the firewall policy
  • C. Overload NAT IP pool is used in the firewall policy
  • D. One-to-one NAT IP pool is used in the firewall policy
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by phototrait at June 30, 2021, 6:47 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
KemalM
Highly Voted 2 years, 9 months ago
Answer: D Fortigate Security 6.4 Study Guide P.155
upvoted 6 times
...
SandroAlex
Most Recent 2 years, 3 months ago
Selected Answer: D
D é a verdadeira, porém... Port Block Allocation e Overload fazem PAT, não podem ser verdadeiras. Destination NAT não é aplicada na política e sim no menu VIP (sem Central NAT) ou DNAT & VIP (com Central NAT). Não é possível garantir que se trata de One-to-one NAT pois a saída de Fixed Port Range NAT é a mesma. Logo, como questão só tem a opção One-to-one NAT, acredito que ela seja a verdadeira.
upvoted 1 times
...
Tanith
2 years, 3 months ago
D is correct.
upvoted 1 times
...
RatheeshRavindran
2 years, 5 months ago
Selected Answer: D
D is correct
upvoted 4 times
Zoronyx
2 years, 5 months ago
Same screenshoot on FGT study guide 6 p127. Key is that same ports are used for both ingress and egress address. This one to one. Answer D
upvoted 3 times
...
...
MrSaintz
2 years, 6 months ago
Selected Answer: B
Might I suggest that Destination NAT being disabled is actually the only conclusive true statement? Speaking of SNAT, default "use interface ip address", and running the same command, shows that some sessions where SNAT is applied might keep source-port intact, its assumed that it will overload and start applying PAT at some point, but it doesn't actually always occur. In fact you can set the policy to preserve source-port, even while configuring dynamic pool with overload and (naturally) one-to-one. C and D can both generate the same output in the end if we can't see the policy configuration... IMHO
upvoted 2 times
Ragnar77
2 years ago
no way, your stamtment is true , Overload not always do PAT when there are few sessionst.But you can't enable DNAT in the firewall policy... so the answere is D. moreover you cant say it's ovlerload nor Port block allocation beacuse they are same pool type.
upvoted 1 times
...
...
Miguex125
2 years, 6 months ago
For me the answer is "C" considering this link: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/29961/dynamic-snat
upvoted 1 times
Miguex125
2 years, 6 months ago
I was wrong, reading again fortinet docs, the correct answer is one to one.
upvoted 2 times
...
...
MoBaraka
2 years, 8 months ago
D is correct.
upvoted 2 times
...
forti_Ctes
2 years, 9 months ago
D is correct. FortiGate_Security_6.4 Page 156
upvoted 3 times
...
Gape4
2 years, 11 months ago
D is Correct. No Doubt.
upvoted 4 times
Pierrot26
2 years, 9 months ago
Why it cannot be C ? one to one 10.1.0.1 SNAT 10.200.1.1 10.1.0.2 SNAT 10.200.1.2 etc.... overload : 10.1.0.1 SNAT 10.200.1.1 10.1.0.2 SNAT 10.200.1.1 etc.... but here we have only one source... It's impossible to compare overload vs one-to-one ?
upvoted 6 times
Imanism
2 years, 9 months ago
One to One is first come first served. In one to one, PAT is not required. Source port and destination port is the same
upvoted 3 times
...
...
...
xela2005
3 years ago
D is correct. FortiGate_Security_6.4 page 155 . In one-to-one, PAT is not required.
upvoted 3 times
...
Jancy_111
3 years ago
D is correct answer
upvoted 1 times
...
phototrait
3 years ago
D is correct. FortiGate_Security_6.4 page 155
upvoted 4 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
ex Want to SAVE BIG on Certification Exam Prep?
close
ex Unlock All Exams with ExamTopics Pro 75% Off
  • arrow Choose From 1000+ Exams
  • arrow Access to 10 Exams per Month
  • arrow PDF Format Available
  • arrow Inline Discussions
  • arrow No Captcha/Robot Checks
Limited Time Offer
Ends in

Claim Offer Now
286 people claimed it in the last 6 hours