When Network Address Translation is used:
In SmartDashboard, Translate destination on client side is checked in Global Properties. When
Network Address Translation is used:
What is the rule order if both methods are used together?
You are MegaCorp’s Security Administrator. There are various network objects which must be
NATed. Some of them use the Automatic Hide NAT method, while others use the Automatic Static
NAT method. What is the rule order if both methods are used together? Give the best answer.
Which answers are TRUE?
Which answers are TRUE? Automatic Static NAT CANNOT be used when:
1) NAT decision is based on the destination port.
2) Both Source and Destination IP’s have to be translated.
3) The NAT rule should only be installed on a dedicated Gateway.
4) NAT should be performed on the server side.
Which of the following is NOT true?
In order to have full control, you decide to use Manual NAT entries instead of Automatic NAT rules.
Which of the following is NOT true?
Which is the likely source of the issue?
After filtering a fw monitor trace by port and IP, a packet is displayed three times; in the i, I, and o
inspection points, but not in the O inspection point. Which is the likely source of the issue?
How do you configure the Gateway to allow this network to go out to the Internet?
Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R76
Gateway, which connects to your ISP provider. How do you configure the Gateway to allow this
network to go out to the Internet?
Do the above settings limit the partner’s access?
You are a Security Administrator who has installed Security Gateway R76 on your network. You need
to allow a specific IP address range for a partner site to access your intranet Web server. To limit the
partner’s access for HTTP and FTP only, you did the following:
1) Created manual Static NAT rules for the Web server.
2) Cleared the following settings in the Global Properties > Network Address Translation screen:
-Allow bi-directional NAT
-Translate destination on client side
Do the above settings limit the partner’s access?
what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back i
You enable Automatic Static NAT on an internal host node object with a private IP address of
10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties /
NAT.)
When you run fw monitor on the R76 Security Gateway and then start a new HTTP connection from
host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the
HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?
what else must be configured so that a host on the Internet can initiate an inbound connection to this host?
You have configured Automatic Static NAT on an internal host-node object. You clear the box
Translate destination on client site from Global Properties > NAT. Assuming all other NAT settings in
Global Properties are selected, what else must be configured so that a host on the Internet can
initiate an inbound connection to this host?
Which of the following is NOT a possible reason?
You just installed a new Web server in the DMZ that must be reachable from the Internet. You
create a manual Static NAT rule as follows:
Source: Any || Destination: web_public_IP || Service: Any || Translated Source: original ||
Translated Destination: web_private_IP || Service: Original
“web_public_IP” is the node object that represents the new Web server’s public IP address.
“web_private_IP” is the node object that represents the new Web site’s private IP address. You
enable all settings from Global Properties > NAT.
When you try to browse the Web server from the Internet you see the error “page cannot be
displayed”. Which of the following is NOT a possible reason?