If Certkiller A initiates a Web browsing session with Certkiller B, and the Trust interface of the 5XT is in NAT mode, what could be the source address/port of the packet arriving at host Certkiller B?
When an ingress interface (10.0.0.1) is in Network Address Translation (NAT) mode, the NetScreen device, acting like a Layer 3 switch (or router), translates two components in the header of an outgoing IP packet destined for the Untrust zone: its source IP address and source port number. The NetScreen device replaces the source IP address of the originating host with the IP address of the Untrust zone interface (188.8.131.52). Also, it replaces the source port number with another random port number generated by the NetScreen device. The port numbers 1 to 1023 are reserved for well-known port numbers, so the next available port number could be 1024.
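As an added illustration (not part of the original explanation and not ScreenOS code), this simplified Python model shows the translation described above and how a reply from Certkiller B is mapped back to the inside host. The host addresses 10.0.0.5 and 203.0.113.10, the client port 34567 and the sequential port allocation starting at 1024 are assumptions made for the example.

```python
# Simplified model of NAT-mode source translation (NAPT); not ScreenOS code.
from itertools import count

UNTRUST_IP = "188.8.131.52"  # Untrust interface address as given in the explanation
FIRST_PORT = 1024            # ports 1-1023 are reserved for well-known services

# Constructed sample endpoints (assumptions, not from the original page).
HOST_A = ("10.0.0.5", 34567)   # inside host behind the Trust interface
HOST_B = ("203.0.113.10", 80)  # web server reached through the Untrust zone


class SourceNat:
    def __init__(self, untrust_ip=UNTRUST_IP, first_port=FIRST_PORT):
        self.untrust_ip = untrust_ip
        self._ports = count(first_port)  # assumption: sequential allocation
        self._out = {}   # (src_ip, src_port, dst_ip, dst_port) -> translated port
        self._back = {}  # (translated port, dst_ip, dst_port) -> (src_ip, src_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a Trust -> Untrust packet; return the source B will see."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self._out:
            port = next(self._ports)
            if port > 65535:
                raise RuntimeError("translated port pool exhausted")
            self._out[key] = port
            self._back[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return self.untrust_ip, self._out[key]

    def inbound(self, src_ip, src_port, dst_port):
        """Map a packet arriving on the Untrust interface back to the inside
        host, or return None when no outbound session created a mapping."""
        return self._back.get((dst_port, src_ip, src_port))


def demo():
    nat = SourceNat()
    seen_by_b = nat.outbound(*HOST_A, *HOST_B)             # what Certkiller B sees
    reply_to = nat.inbound(*HOST_B, seen_by_b[1])          # B's reply, reversed
    unsolicited = nat.inbound("198.51.100.7", 80, seen_by_b[1])  # no session
    return seen_by_b, reply_to, unsolicited


if __name__ == "__main__":
    print(demo())
```

Host B only ever sees the Untrust address and the translated port, and a packet from an address with no matching session has no mapping to follow back to the inside host.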