Exam NSE4_FGT-7.2 topic 1 question 13 discussion

Actual exam question from Fortinet's NSE4_FGT-7.2
Question #: 13
Topic #: 1

Refer to the exhibits.
The exhibits contain a network diagram, and virtual IP, IP pool, and firewall policies configuration information.
The WAN (port1) interface has the IP address 10.200.1.1/24.
The LAN (port3) interface has the IP address 10.0.1.254/24.
The first firewall policy has NAT enabled using IP pool.
The second firewall policy is configured with a VIP as the destination address.


Which IP address will be used to source NAT (SNAT) the internet traffic coming from a workstation with the IP address 10.0.1.10?

  • A. 10.200.1.1
  • B. 10.0.1.254
  • C. 10.200.1.10
  • D. 10.200.1.100
Suggested Answer: D 🗳️

Comments

1239944
Highly Voted 11 months, 2 weeks ago
Selected Answer: D
FortiOS 7.2 Study Guide Page 110: "(Step 2): FortiGate uses as NAT IP the external IP address defined in the VIP when performing SNAT on all egress traffic sourced from the mapped address in the VIP, provided the matching firewall policy has NAT enabled" "Note that you can override the behavior described in step 2 by using an IP pool"
upvoted 6 times
...
rian00z_
Highly Voted 1 year ago
Selected Answer: C
Correct answer: C. 10.200.1.10. On the battlefield, I observed this behavior, related to the article https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-use-VIP-s-External-IP-Address-for-Source/ta-p/189947?externalID=FD44529:
- The second firewall policy will activate the VIP so that its external IP address can be used to perform SNAT when the HOST generates traffic towards the Internet.
- Internet traffic from the internal network will be allowed by the first firewall policy for SNAT with the VIP's external IP address.
upvoted 5 times
Mellon
1 month, 1 week ago
The Syslog server mode changed to udp, reliable, and legacy-reliable. You must set the mode to reliable to support extended logging,
upvoted 1 times
...
spydog
11 months, 2 weeks ago
That is correct when outbound traffic matches a rule with SNAT using the egress interface. When SNAT is configured to use an IP pool, this will override the VIP external IP address.
upvoted 1 times
...
...
LiilGenius
Most Recent 1 month, 2 weeks ago
Selected Answer: D
D. 10.200.1.100
upvoted 1 times
...
GopiChandMurari
5 months ago
C The VIP configured with static NAT takes precedence over the NAT overload (PAT) of the IP pool.
upvoted 2 times
...
kev91
5 months ago
D. 10.200.1.100
upvoted 1 times
...
AMK2ENG
8 months, 2 weeks ago
D. 10.200.1.100
upvoted 1 times
...
GeniusA
8 months, 3 weeks ago
Option D is the correct answer
upvoted 1 times
...
Ygrec
10 months, 2 weeks ago
Selected Answer: D
D Because it uses the IP POOL range from LAN to WAN
upvoted 3 times
...
itzuy06
11 months, 4 weeks ago
Selected Answer: D
D. 10.200.1.100
upvoted 2 times
...
raydel92
1 year ago
Selected Answer: D
D. 10.200.1.100 Reference and download study guide: https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html
upvoted 2 times
...
Garry_G
1 year ago
I know that in some situations, the VIP IP is used for SNAT, but I am never sure what the requirements are for that to happen ... :( I tried the setup on our live system, but the firewall kept using the NAT pool instead of the VIP NAT
upvoted 1 times
spydog
11 months, 2 weeks ago
The VIP external IP will be used for source NAT for outbound traffic when traffic matches a policy with NAT enabled for the egress interface. If outbound traffic matches a rule with NAT enabled and an IP pool configured, traffic will use the IP pool external IP. Basically, SNAT priority from high to low will be: 1) IP pool 2) VIP IP 3) SNAT egress interface
upvoted 5 times
...
...
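Added example, not part of any comment above and not Fortinet code: a small Python model of the SNAT precedence described in this thread (IP pool, then VIP external IP, then egress interface address). The exhibits are not reproduced on this page, so the VIP mapping (10.200.1.10 to 10.0.1.10) and the pool address are assumptions inferred from the answer options and comments; all class and function names are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional, Sequence


@dataclass(frozen=True)
class Vip:
    ext_ip: str     # external address defined in the VIP
    mapped_ip: str  # internal address the VIP maps to


@dataclass(frozen=True)
class Policy:
    nat: bool                      # NAT enabled on the matching policy
    ip_pool: Optional[str] = None  # pool address, if an IP pool is attached


def select_snat_ip(src_ip: str, policy: Policy, vips: Sequence[Vip],
                   egress_ip: str) -> Optional[str]:
    """Return the SNAT address for egress traffic, or None if no NAT applies."""
    if not policy.nat:
        return None                # policy does not translate the source
    if policy.ip_pool is not None:
        return policy.ip_pool      # 1) IP pool overrides the VIP behaviour
    src = ip_address(src_ip)
    for vip in vips:
        if ip_address(vip.mapped_ip) == src:
            return vip.ext_ip      # 2) source is the VIP's mapped address
    return egress_ip               # 3) fall back to the egress interface IP


# Constructed sample values (assumptions, see lead-in).
WAN_IP = "10.200.1.1"              # port1 address stated in the question
VIPS = [Vip(ext_ip="10.200.1.10", mapped_ip="10.0.1.10")]
POOL_POLICY = Policy(nat=True, ip_pool="10.200.1.100")
PLAIN_NAT_POLICY = Policy(nat=True)

if __name__ == "__main__":
    for label, pol in (("IP pool", POOL_POLICY), ("no pool", PLAIN_NAT_POLICY)):
        print(label, "->", select_snat_ip("10.0.1.10", pol, VIPS, WAN_IP))
```
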
Slash_JM
1 year ago
Selected Answer: D
FortiGate Security 7.2 Study Guide p.97-98
upvoted 2 times
...
Mboweni
1 year, 3 months ago
D is the correct answer
upvoted 1 times
...
Danny_B
1 year, 3 months ago
Selected Answer: D
7.2 SEC 97-98
upvoted 1 times
...
fc8
1 year, 4 months ago
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-use-VIP-s-External-IP-Address-for-Source/ta-p/189947?externalID=FD44529
upvoted 1 times
...
Equiano
1 year, 5 months ago
Selected Answer: D
The question says SNAT, so the only correct answer here (looking at the IP Pool) is D
upvoted 2 times
...
danieldelgado
1 year, 5 months ago
I correct my answer to D, because the VIP has port forwarding enabled plus the outgoing policy has an IPPool enabled
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted