Click the Exhibit button. You are troubleshooting a communication problem between a trust
zone and an untrust zone in the network, where PC-1 cannot ping PC-2. Referring to the
exhibit, which configuration change on SRX- 1 would resolve this problem? Add a security
policy to allow ICMP traffic from the untrust zone to the trust zone.
A.
Add an address book entry for address 70.1.1.2.
B.
Add a security policy to allow ICMP traffic from the trust zone to the untrust zone.
C.
Configure proxy-arp under the [edit security nat] hierarchy.
Wrong. You need to add:
A.Add an address book entry for address 70.1.1.2.
B.Add a security policy to allow ICMP traffic from the untrust zone to the trust zone.
0
0
No! For me the correct answer is C – Configure proxy-arp under the [edit security nat] hierarchy.
If you look at the show security policy, you will notice that the source, destination and application are “any”, which means that ping is already allowed for everyone coming from the trust zone.
in the flow session, you see the 70.1.1.2 trying to answer to an IP 70.1.1.10 which means that you need a proxy arp.
0
0