Lesson 7 Flashcards
Inside end user receives an address from a pool of available addresses
Global (Dynamic) NAT
NAT is now built around ______. This allows for IP addresses to be changed and objects to be renamed much easier than previously.
used to define a single item.
objects
2 main type of objects
– network - includes hosts, subnets or a range of IP addresses
– service - includes protocols or ports.
With V 8.3 NAT behaviour , the security appliance introduces the ____________ , which allows translation policies to be inserted in any arbitrary order .
The rules are processed based on how specific each NAT entry is (top - down manner ) and the first match of the rule stops further rule processing .
Unified NAT table concept
can be used to define a single IP address, a range of addresses, a subnet, a network , or an FQDN.
Network objects
The host, range, or subnet that is defined by a network object is used to identify the __________, IP address in a NAT configuration.
real or non - translated
______is done inside the object and only the source is used as match criteria, it cannot take into consideration the destination of the traffic.
Auto NAT
When using Auto NAT, you configure translations as part of the network object definitions . Auto NAT is therefore also sometimes referred to as ___________ .
Network Object NAT
__________can be used to configure a single NAT rule that will translate both the source and destination addresses in a packet. This is known also know as _________because NAT can be performed twice, once on the source IP, and once on the destination IP.
Manual NAT
twice NAT
NAT translation is ordered in sections of the Unified NAT table as follows:
Section 1 – Manual NAT Section 2 – Auto NAT (Object NAT) 1 . Static rules 2 . Dynamic rules Section 3 – Manual NAT (After - Auto)
If you need to place a manual NAT rule after Auto NAT, then you can specify the keyword _________ when configuring a Manual NAT rule to place it at the end, in Section 3 .
after - auto
If you need to place the Manual NAT rule at a specific location for precedence, then use the ______ argument.
“ line# ”
nat ( real,mapped ) [after - auto] [ line# ] source …
________ , or port redirection , is useful when the security appliance needs to statically map multiple inside servers to one global IP address.
Static PAT
Dynamic NAT
The first network object identifies the pool of public IP addresses that internal addresses will be translated to.
The second network object (inside) binds the two objects together .
object network OUTSIDE_RANGE
range | host | subnet ip 142.232.199.240 - 142.232.199.250
object network INSIDE_NET
subnet 10.10.101.0 255.255.255.224
nat (inside,outside ) dynamic OUTSIDE_RANGE
Dynamic PAT is used when the outside interface IP address or another specified IP address is overloaded
object network INSIDE_NET
subnet 10.10.101.0 255.255.255.224
nat ( inside,outside) dynamic interface
