Fortinet
NSE4_FGT-7.0 · Question #69
NSE4_FGT-7.0 Question #69: Real Exam Question with Answer & Explanation
The correct answer is C: 10.200.1.1. The "set nat-source-vip enable" should be applied in the VIP Otherwise, the IP address of the physical interface will be used for NAT https://kb.fortinet.com/kb/documentLink.do?externalID=FD44529
Question
Examine the exhibit, which contains a virtual IP and firewall policy configuration. The WAN (port1) interface has the IP address 10.200.1.1/24. The LAN (port2) interface has the IP address 10.0.1.254/24. The first firewall policy has NAT enabled on the outgoing interface address. The second firewall policy is configured with a VIP as the destination address. Which IP address will be used to source NAT the Internet traffic coming from a workstation with the IP address 10.0.1.10/24?
Exhibits
Options
- A10.200.1.10
- BAny available IP address in the WAN (port1) subnet 10.200.1.0/24
- C10.200.1.1
- D10.0.1.254
Explanation
The "set nat-source-vip enable" should be applied in the VIP Otherwise, the IP address of the physical interface will be used for NAT https://kb.fortinet.com/kb/documentLink.do?externalID=FD44529
Community Discussion
No community discussion yet for this question.