David is a Security Administrator who has installed NGX on his network.
He needs to allow a specific IP address range for a partner site to access his intranet Web server. To limit the partner’s access for HTTP and FTP only, David has done the following:
Created manual Static NAT rules for the Web server.
Cleared the following boxessettings in the Global Properties’ Network Address Translation screen.
1."Allow bi-directional NAT"
2."Translate destination on client side"
Do the above settings limit the partner’s access?
A.
Yes. This will ensure that traffic only matches the specific rule configured for this traffic, and that NGX translates the traffic after accepting the packet.
B.
No. These settings are only applicable when upgrading from FireWall-1 4.1 to NGX.
C.
Yes. Both of these settings are only applicable to automatic NAT rules.
D.
Yes. The first setting is not applicable. The second setting will reduce performance impact, by translating traffic in the kernel nearest the intranet server.
E.
No. The first setting is only applicable to automatic NAT rules. The second setting is necessary to make sure there are no conflicts between NAT and anti-spoofing.