DIPP
https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-networking-admin/nat/configure-nat/translate-internal-client-ip-addresses-to-your-public-ip-address-source-dipp-nat
Fallback Port
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRMCA0
Looking at the below:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/nat/source-nat-and-destination-nat/source-nat
I would say B and D, is best fit. Reading the doc, and if this was a single answer it would be B.
Its not Static IP as this does not do port translation
Dynamic IP has an option to use DIPP
A. Dynamic IP123 D. Dynamic IP / Port Fallback2
Dynamic IP allows the one-to-one, dynamic translation of a source IP address only (no port number) to the next available address in the NAT address pool123. The size of the NAT pool should be equal to the number of internal hosts that require address translations23.
Dynamic IP / Port Fallback is an advanced option in Dynamic IP that enables the use of Dynamic IP and Port (DIPP) addresses when necessary
It's a really trick one!!!
Because here in this link, we can see that a 1:1 NAT should be A/C:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClhwCAC
Dynamic IP: For a given source IP address, the firewall translates the source IP to an IP in the defined pool or range. The mapping is not port based, which makes this a one-to-one mapping as long as the session lasts.....
Static IP: Use this translation type to translate a single source address to a specific public address. This is typically used to expose a server (email, web or any application) externally using a translated address that will not change. Use the Static IP mapping type to translate an entire address range to a specific address range, a one-to-one mapping. The number of source IPs using this policy must exactly match the translated range. This is typically used to resolve overlapping IP ranges when merging networks. The policy shown here translates all source addresses with at 10.20.1.x address destined to the Corp Zone to a matching address in the 10.30.1.x range.
From the Palo Alto website:
• Dynamic IP/Port (DIPP): used for outbound traffic; multiple clients can use the same public IP address(es) with different source port numbers
• Dynamic IP: used for outbound traffic; private source addresses translate to the next available address in a range
• Static IP: used for inbound or outbound traffic; can be used to change the source or the
destination IP address, with the source or destination port unchanged. When used to map a
single public IP address to multiple private servers and services, destination ports can stay the same or be directed to different destination ports.
There is a table at URL below that has a column on whether the source port changes. With DIPP the source port changes and same with Fallback.
https://live.paloaltonetworks.com/twzvq79624/attachments/twzvq79624/members_discuss/15121/1/TechNote_UnderstandingNAT.pdf
A and C. Both does 1:1 ip translation, allowing source port to change. DIPP is 1:Many
upvoted 4 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
liliap
Highly Voted 1 year, 2 months agoJallic
Most Recent 3 months, 2 weeks agocjace
8 months agonotus
1 year agoKaifus
1 year, 1 month agoKaifus
1 year, 1 month ago[Removed]
1 year, 2 months agojayessarre
1 year, 2 months ago