Click the Exhibit button.
Users are able to access hosts on the Internet, however, they are using the TO_INTERNET pool instead of the IP
address associated with the external interface for the translations.
Referring to the exhibit, why is the traffic using the source NAT pool instead of the IP address that is associated
with the external interface for translations on the SRX Series device?
A.
The INTERNET-1 rule set is listed before the INTERNET-2 rule set in the configuration hierarchy.
B.
The INTERNET-2 rule set is not configured with a destination address of 0.0.0.0/0 in the match criterion.
C.
The INTERNET -l rule set is configured with the more specific from criterion.
D.
The INTERNET -2 rule set is configured with the more specific from criterion.
C
Should be C I think
In the case where a packet matches more than one source NAT rule set, the rule set chosen is based on the following source/destination conditions (in order of priority):
Source interface/destination interface
Source zone/destination interface
Source routing instance/destination interface
Source interface/destination zone
Source zone/destination zone
Source routing instance/destination zone
Source interface/destination routing instance
Source zone/destination routing instance
Source routing instance/destination routing instance
https://www.juniper.net/documentation/en_US/junos12.1/topics/concept/nat-security-rule-set-and-rule-understanding.html#jd0e29