Which configuration allows direct access to the 10.10.10.0/24 network without NAT, but uses NAT for all other traffic from the untrust zone to the egress interface?

Which configuration allows direct access to the 10.10.10.0/24 network without NAT, but uses NAT
for all other traffic from the untrust zone to the egress interface?

Which configuration allows direct access to the 10.10.10.0/24 network without NAT, but uses NAT
for all other traffic from the untrust zone to the egress interface?

A.
[edit security nat source rule-set internal]
user@host# show
from zone trust;
to zone untrust;
rule internet-access {
match {
source-address 0.0.0.0/0;
}
then {
source-nat interface;
}
}
rule server-access {
match {
destination-address 10.10.10.0/24;
}
then {
source-nat off;
}
}

B.
[edit security nat source rule-set internal]
user@host# show
from zone trust;
to zone untrust;
rule internet-access {
match {
source-address 0.0.0.0/0;
}
then {
source-nat interface;
}
}
rule server-access {
match {
source-address 10.10.10.0/24;
}
then {
source-nat off;
}
}

C.
[edit security nat source rule-set internal]
user@host# show
from zone trust;
to zone untrust;
rule server-access {
match {
destination-address 10.10.10.0/24;
}
then {
source-nat off;
}
}
rule internet-access {
match {
source-address 0.0.0.0/0;
}
then {
source-nat interface;
}
}

D.
[edit security nat source rule-set internal]
user@host# show
from zone trust;
to zone untrust;
rule internet-access {
match {
source-address 0.0.0.0/0;
}
then {
accept;
}
}
rule server-access {
match {
destination-address 10.10.10.0/24;
}
then {
reject;
}
}

Show Hint

Leave a Reply 0

Your email address will not be published. Required fields are marked *