What should the Firewall administrator do to reduce the time it takes to install a policy?

AlphaBravo Corp has 72 privately addressed internal addresses. Each network is a piece of the
10-net subnetted to a class C address. AlphaBravo uses Dynamic NAT and hides all of the
internal networks behind the external IP addresses of the Firewall. The Firewall administrator for
AlphaBravo has noticed that policy installation takes significantly longer since adding all 72
internal networks to the address translation rule. What should the Firewall administrator do to
reduce the time it takes to install a policy?

A.
Create an object for the entire 10-net and use the object for the translation rule instead of the
individual network objects.

B.
Use automatic NAT rule creation on each network object. Hide the network behind the firewall’s
external IP addresses.

C.
Match packets to the state table, so packets are not dropped. Increase the size of the NAT
tables.

D.
Reinstall the Firewall and Security Policy Editor. The policy is corrupting Firewall’s binaries.

E.
Increase the size of state table. Use automatic NAT rule creation to hide the networks behind
an IP address other than firewall’s external IP.

Explanation:
To reduce the installation time, you can group the different network objects into one object so
that you don’t have to use individual network objects in your translation rules. This improves policy
install performance and eases administration.
Incorrect Answers:
B: We are not reducing installation time with this answer because we are creating the rules with
every single network object.
C: This is not a matching problem; it’s clear that we have too many network objects inside the
same rule.
D: This is not possible; you cannot corrupt the binaries with a policy definition, because they don’t talk
directly to each other.
E: For security reasons, we should protect the internal addresses behind the external IP Address
of the firewall. This is one of the purposes of NAT.


