After implementing Static Address Translation to allow Internet traffic to an internal Web Server on
your DMZ, you notice that any NATed connections to that machine are being dropped by antispoofing protections. Which of the following is the MOST LIKELY cause?
A.
The Global Properties setting Translate destination on client side is unchecked. But the
topology on the DMZ interface is set to Internal – Network defined by IP and Mask. Check the
Global Properties setting Translate destination on client side.
B. The Global Properties setting Translate destination on client side is unchecked. But the
topology on the external interface is set to Others +. Change topology to External.
C.
The Global Properties setting Translate destination on client side is checked. But the topology
on the external interface is set to External. Change topology to Others +.
D.
The Global Properties setting Translate destination on client side is checked. But the topology
on the DMZ interface is set to Internal – Network defined by IP and Mask. Uncheck the Global
Properties setting Translate destination on client side.
A)
0
0
Answer D
Translate on client side will change the destination address in the inbound kernel. The OS then gets the packet from the inbound kernel, and the anti-spoofing sees a packet with an internal address coming from an interface marked as external.
Uncheck the setting so the outbound kernel will do the NAT translation. The packet will pass the anti-spoofing in the OS with the untranslated address first.
0
0
I do not understand why answer D should be correct. DudeM five can you please clarify it. I believe A should be the right answer.
0
0
according actualtests dot com:
answer A is correct
0
0
A is correct answer
0
0