ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCNSA All Questions

View all questions & answers for the PCNSA exam
Go to Exam

Exam PCNSA topic 1 question 308 discussion

Actual exam question from Palo Alto Networks's PCNSA
Question #: 308
Topic #: 1
[All PCNSA Questions]

An administrator is trying to understand which NAT policy is being matched.

In what order does the firewall evaluate NAT policies?

  • A. Dynamic IP and Port first, then Static, and finally Dynamic IP
  • B. From top to bottom
  • C. Static NAT rules first, then lop down
  • D. Static NAT rules first, then Dynamic
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by baccalacca at March 17, 2023, 11:26 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Adeolu007
1 month, 2 weeks ago
Selected Answer: B
Top down
upvoted 1 times
...
Kaifus
7 months, 1 week ago
Selected Answer: B
The firewall evaluates the rules in order from the top down. Once a packet matches the criteria of a single NAT rule, the packet is not subjected to additional NAT rules. Therefore, your list of NAT rules should be in order from most specific to least specific so that packets are subjected to the most specific rule you created for them.
upvoted 1 times
...
baccalacca
1 year, 4 months ago
answer = b You configure a NAT rule to match a packet’s source zone and destination zone, at a minimum. In addition to zones, you can configure matching criteria based on the packet’s destination interface, source and destination address, and service. You can configure multiple NAT rules. The firewall evaluates the rules in order from the top down. Once a packet matches the criteria of a single NAT rule, the packet is not subjected to additional NAT rules. Therefore, your list of NAT rules should be in order from most specific to least specific so that packets are subjected to the most specific rule you created for them. https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-networking-admin/nat/nat-policy-rules/nat-policy-overview
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago