PrepAway - Latest Free Exam Questions & Answers

What is the default mode for an interface in the Untrust zone?


A. NAT

B. route

C. Layer 2

D. Layer 3

E. transparent

Explanation:

Interfaces can operate in three different modes: Network Address Translation (NAT), Route, and Transparent. If an interface bound to a Layer 3 zone has an IP address, you can define the operational mode for that interface as either NAT or Route. An interface bound to a Layer 2 zone (such as the predefined v1-trust, v1-untrust, and v1-dmz zones, or a user-defined Layer 2 zone) must be in Transparent mode. You select an operational mode when you configure an interface.

When an ingress interface is in Network Address Translation (NAT) mode, the NetScreen device, acting like a Layer 3 switch (or router), translates two components in the header of an outgoing IP packet destined for the Untrust zone: its source IP address and source port number. The NetScreen device replaces the source IP address of the originating host with the IP address of the Untrust zone interface. It also replaces the source port number with another random port number generated by the NetScreen device.

Remember that an interface residing in the Trust zone is in NAT mode by default, and an interface residing in the Untrust zone is in Route mode by default. When an interface is in Route mode, the NetScreen device routes traffic between different zones without performing source NAT (NAT-src); that is, the source address and port number in the IP packet header remain unchanged as the packet traverses the NetScreen device.
