NAT

Question 1

What is another term for Dynamic NAT?

Answer 1

IP masquerading

Question 2

Which NAT changes the source IP address of each outgoing connection to match the Firebox’s IP address?

Answer 2

Dynamic NAT

Question 3

What does Firebox track when using Dynamic NAT?

Answer 3

1. Private Source & Dest. IP
2. Source & Dest. Ports
3. Protocols

Question 4

Enumarate examples (3) of IP header information

Answer 4

1. Source port
2. Destination port
3. Protocols

Question 5

Which NAT enables clients on a private network to connect to servers on the internet?

Answer 5

Dynamic NAT

Question 6

In Dynamic NAT, how many IP addresses does the internet see?

Answer 6

One (1)

Question 7

In Dynamic NAT, what is the only IP address does the internet see?

Answer 7

Public IP address

Question 8

On which connnections is Dynamic NAT normally applied to?

Answer 8

Connections starting from behind a Firebox

Question 9

In Dynamic NAT, is the source port changed?

Answer 9

Only if necessary.

Question 10

In Dynamic NAT, how often does the Firebox keep the same source port that the requesting client use?

Answer 10

Always.

Question 11

Which NAT is configured as default on Firebox?

Answer 11

Dynamic NAT

Question 12

On which kinds of IP addresses is Dynamic NAT applied on by default?

Answer 12

RFC1918

Question 13

In Policy Manager, how to configure Dynamic NAT rules?

Answer 13

Network tab > NAT

Question 14

Is Dynamic NAT enabled by default on each policy you create?

Answer 14

Yes

Question 15

Can you override the global dynamic NAT settings in individual policies?

Answer 15

Yes

Question 16

What can be used to override the global dynamic NAT settings?

Answer 16

Individual policies

Question 17

In Dynamic NAT, which IP address of the external interface does is used when traffic leaves?

Answer 17

Primary IP address

Question 18

Enumerate two (2) procedures on setting the Dynamic NAT source IP address.

Answer 18

1. Network Dynamic NAT rule
2. Policy

Question 19

What is another term for Static NAT?

Answer 19

Port forwarding

Question 20

Which NAT allows inbound connections on the specific ports to one or more public servers from a single external IP address?

Answer 20

Static NAT

Question 21

In Static NAT, what does the Firebox change?

Answer 21

Destination IP address of the packets

Question 22

In Static NAT, what is the basis of the Firebox when forwarding packets?

Answer 22

Based on the original destination port number

Question 23

What is Static NAT typically used for?

Answer 23

Public services such as websites and email

Question 24

Which NAT is recommended if you have a small number of public IP addresses

Answer 24

Static NAT

Question 25

Which NAT is the only option if you have only one public IP address?

Answer 25

Static NAT

Question 26

What is the default behavior of Static NAT?

Answer 26

Does not change the source IP address for inbound traffic

Question 27

In Static NAT, which IP address is not changed by default?

Answer 27

Source IP address

Question 28

Where is the static NAT configuration saved when you configure a Static NAT?

Answer 28

SNAT action

Question 29

Can you add, edit, or delete SNAT actions?

Answer 29

Yes

Question 30

What can you do to the SNAT action after creating it?

Answer 30

Can you the same action in one or more policies.

Question 31

What are the two (2) types of SNAT actions?

Answer 31

1. Static NAT
2. Server Load Balancing

Question 32

What kind of traffic does the Static NAT forward?

Answer 32

Inbound traffic

Question 33

In addition to an IP address, what can you specify in an SNAT action?

Answer 33

FQDN

Question 34

Which SNAT action forwards inbound traffic addressed to one IP address to one of several servers behind the firewall?

Answer 34

Server Load Balancing

Question 35

Which SNAT action forwards inbound traffic addressed to one IP address to a different IP address and port behind the firewall?

Answer 35

Static NAT

Question 36

In a static NAT action, where is inbound traffic addressed to one IP address forwarded to?

Answer 36

To a different IP address and port

Question 37

In a server load balancing, where is inbound traffic addressed to one IP address forwarded to?

Answer 37

To one of several servers

Question 38

What section do you add the SNAT action?

Answer 38

To section

Question 39

Which NAT provides a mapping for one or more private IP addresses to one or more public IP addresses?

Answer 39

1-to-1 NAT

Question 40

Which NAT allows the internal network resources accessible on the internet?

Answer 40

1-to-1 NAT

Question 41

Which NAT is for networks with many public IP addresses?

Answer 41

1-to-1 NAT

Question 42

Which NAT is an OPTION if you want to dedicate a public IP address for a single purpose?

Answer 42

1-to-1 NAT

Question 43

Is it recommended to use 1-to-1 NAT rather than SNAT?

Answer 43

No. SNAT is better.

Question 44

In 1-to-1 NAT, what is prevented is you only have 1 public IP?

Answer 44

All use of inbound Firebox functions

Question 45

In 1-to-1 NAT, can the WatchGuard Support team connect with only having 1 public IP?

Answer 45

No.

Question 46

What can you configure in each 1-to-1 NAT rule?

Answer 46

1. Host
2. Range of hosts
3. Subnet

Question 47

Which NAT rule always has a precedence over Dynamic NAT?

Answer 47

1-to-1 NAT

Question 48

What do you need to specify for each 1-to-1 NAT rule?

Answer 48

1. Interface
2. Real base
3. NAT base
4. Number of hosts to NAT (for ranges only)

Question 49

What do you call the thing on which 1-to-1 NAT is to be applied?

Answer 49

Interface

Question 50

What do you call the IP address assigned to the physical Ethernet interface of the computer to which you apply the 1-to-1 NAT policy?

Answer 50

Real base

Question 51

What do you call the base where the private addresses are used?

Answer 51

Real base

Question 52

What do you call the IP address that the real base IP address changes to whne 1-to-1 NAT is applied?

Answer 52

NAT base

Question 53

What do you call the base where the public addresses are used?

Answer 53

NAT base

Question 54

What do you use when local network users need to connect to an internal server with the public IP address or domain name of that server?

Answer 54

NAT loopback

Question 55

In dynamic NAT, what IP address gets changed?

Answer 55

Source IP

Question 56

Which NAT is often used for outbound traffic?

Answer 56

Dynamic NAT

Question 57

Which NAT is the most common NAT?

Answer 57

Dynamic NAT

Question 58

Which VPN is DNAT available for?

Answer 58

BOVPN

Question 59

In Static NAT, what IP address gets changed?

Answer 59

Destination IP

Question 60

Which NAT is often used for inbound traffic?

Answer 60

Static NAT

Question 61

On which NAT can SNAT be combined with?

Answer 61

DNAT

Question 62

Which NAT allows you to configure 1 public IP to multiple servers?

Answer 62

Static NAT

Question 63

Since you can configure 1 public IP to multiple servers, how can the traffic be differentiated?

Answer 63

Different ports

Question 64

Which NAT maps 1 subnet to another subnet, or binds 1 IP to another IP?

Answer 64

1-to-1 NAT

Question 65

Which IP is changed for 1-to-1 NAT?

Answer 65

Source and Destination IP

Question 66

What is also known as HAIRPIN NAT?

Answer 66

NAT Loopback

Question 67

What NATs are used with NAT Loopback?

Answer 67

SNAT & 1-to-1 NAT

Question 68

Which NAT allows local clients to communicate to a public IP that points to a local server?

Answer 68

1-to-1 NAT

Question 69

When is NAT loopback useful?

Answer 69

When DNS records points only at a public IP

Question 70

How do you configure SNAT in policy manager?

Answer 70

Setup tab > Actions > SNAT