Which of the following are NOT possible reasons?

You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:
Source: Any
Destination: web_public_IP
Service: Any
Translated Source: original
Translated Destination: web_private_IP
Service: original
"web_public_IP" is the node object that represents the public IP address of the new Web server.
"web_private_IP" is the node object that represents the new Web site’s private IP address. You enable all settings from the Global Properties > NAT.
When you try to browse the Web server from the Internet, you see the error "page cannot be displayed".
Which of the following are NOT possible reasons? Choose two.

You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:
Source: Any
Destination: web_public_IP
Service: Any
Translated Source: original
Translated Destination: web_private_IP
Service: original
"web_public_IP" is the node object that represents the public IP address of the new Web server.
"web_private_IP" is the node object that represents the new Web site’s private IP address. You enable all settings from the Global Properties > NAT.
When you try to browse the Web server from the Internet, you see the error "page cannot be displayed".
Which of the following are NOT possible reasons? Choose two.

A.
There is no Security Policy defined that allows HTTP traffic to the protected Web server.

B.
There is no route defined on the Security Gateway for the public IP address to the private IP address of the Web server.

C.
There is no ARP table entry for the public IP address of the protected Web server.

D.
There is no NAT rule translating the source IP address of packets coming from the protected Web server.

E.
There is an ARP entry on the Gateway but the settings "Merge Manual proxy ARP" and "Automatic ARP configuration" are enabled in Global Properties. The Security Gateway ignores manual ARP entries.



Leave a Reply 3

Your email address will not be published. Required fields are marked *


Anuj Pratap

Anuj Pratap

Answer = D
source address is not require to be translate.

Julius

Julius

It is A. Firewall is using dynamic translation table, thus no need for bidirectional NAT rules for return traffic. Issue is with implicit stealth rule in policy which will drop traffic by default.

SB

SB

Julius, above questions says which is not a possible reason, so option D is correct. It is not a valid reason to represent the issue.