You are responsible for the configuration of MegaCorp’s Check Point Firewall. You need to allow
two NAT rules to match a connection. Is it possible? Give the BEST answer.
A.
No, it is not possible to have more than one NAT rule matching a connection. When the firewall
receives a packet belonging to a connection, it compares it against the first rule in the Rule Base,
then the second rule, and so on. When it finds a rule that matches, it stops checking and applies
that rule.
B. Yes, it is possible to have two NAT rules which match a connection, but only in using Manual
NAT (bidirectional NAT).
C.
Yes, there are always as many active NAT rules as there are connections.
D.
Yes, it is possible to have two NAT rules which match a connection, but only when using
Automatic NAT (bidirectional NAT).
D)
I also think is (D), but I don’t see the difference with answer B. Is it a grammatical difference?
B) Manual Nat bidirectional NAT
D) Automatic Nat bidirectional NAT
D) is correct.