NAT Flashcards
What is another term for Dynamic NAT?
IP masquerading
Which NAT changes the source IP address of each outgoing connection to match the Firebox’s IP address?
Dynamic NAT
What does Firebox track when using Dynamic NAT?
- Private Source & Dest. IP
- Source & Dest. Ports
- Protocols
Enumerate three (3) examples of IP header information.
- Source port
- Destination port
- Protocols
Which NAT enables clients on a private network to connect to servers on the internet?
Dynamic NAT
In Dynamic NAT, how many IP addresses does the internet see?
One (1)
In Dynamic NAT, what is the only IP address the internet sees?
Public IP address
On which connections is Dynamic NAT normally applied?
Connections starting from behind a Firebox
In Dynamic NAT, is the source port changed?
Only if necessary.
In Dynamic NAT, how often does the Firebox keep the same source port that the requesting client uses?
Always.
Which NAT is configured as default on Firebox?
Dynamic NAT
On which kinds of IP addresses is Dynamic NAT applied by default?
RFC1918
In Policy Manager, how do you configure Dynamic NAT rules?
Network tab > NAT
Is Dynamic NAT enabled by default on each policy you create?
Yes
Can you override the global dynamic NAT settings in individual policies?
Yes
What can be used to override the global dynamic NAT settings?
Individual policies
In Dynamic NAT, which IP address of the external interface is used when traffic leaves?
Primary IP address
Enumerate two (2) procedures on setting the Dynamic NAT source IP address.
- Network Dynamic NAT rule
- Policy
What is another term for Static NAT?
Port forwarding
Which NAT allows inbound connections on the specific ports to one or more public servers from a single external IP address?
Static NAT
In Static NAT, what does the Firebox change?
Destination IP address of the packets
In Static NAT, what is the basis of the Firebox when forwarding packets?
Based on the original destination port number
What is Static NAT typically used for?
Public services such as websites and email
Which NAT is recommended if you have a small number of public IP addresses?
Static NAT
Which NAT is the only option if you have only one public IP address?
Static NAT
What is the default behavior of Static NAT?
Does not change the source IP address for inbound traffic
In Static NAT, which IP address is not changed by default?
Source IP address
Where is the static NAT configuration saved when you configure a Static NAT?
SNAT action
Can you add, edit, or delete SNAT actions?
Yes
What can you do to the SNAT action after creating it?
You can use the same action in one or more policies.
What are the two (2) types of SNAT actions?
- Static NAT
- Server Load Balancing
What kind of traffic does the Static NAT forward?
Inbound traffic
In addition to an IP address, what can you specify in an SNAT action?
FQDN
Which SNAT action forwards inbound traffic addressed to one IP address to one of several servers behind the firewall?
Server Load Balancing
Which SNAT action forwards inbound traffic addressed to one IP address to a different IP address and port behind the firewall?
Static NAT
In a static NAT action, where is inbound traffic addressed to one IP address forwarded to?
To a different IP address and port
In a server load balancing, where is inbound traffic addressed to one IP address forwarded to?
To one of several servers
In what section do you add the SNAT action?
To section
Which NAT provides a mapping for one or more private IP addresses to one or more public IP addresses?
1-to-1 NAT
Which NAT allows internal network resources to be accessible on the internet?
1-to-1 NAT
Which NAT is for networks with many public IP addresses?
1-to-1 NAT
Which NAT is an OPTION if you want to dedicate a public IP address for a single purpose?
1-to-1 NAT
Is it recommended to use 1-to-1 NAT rather than SNAT?
No. SNAT is better.
In 1-to-1 NAT, what is prevented if you only have 1 public IP?
All use of inbound Firebox functions
In 1-to-1 NAT, can the WatchGuard Support team connect with only having 1 public IP?
No.
What can you configure in each 1-to-1 NAT rule?
- Host
- Range of hosts
- Subnet
Which NAT rule always has a precedence over Dynamic NAT?
1-to-1 NAT
What do you need to specify for each 1-to-1 NAT rule?
- Interface
- Real base
- NAT base
- Number of hosts to NAT (for ranges only)
What do you call the thing on which 1-to-1 NAT is to be applied?
Interface
What do you call the IP address assigned to the physical Ethernet interface of the computer to which you apply the 1-to-1 NAT policy?
Real base
What do you call the base where the private addresses are used?
Real base
What do you call the IP address that the real base IP address changes to when 1-to-1 NAT is applied?
NAT base
What do you call the base where the public addresses are used?
NAT base
What do you use when local network users need to connect to an internal server with the public IP address or domain name of that server?
NAT loopback
In dynamic NAT, what IP address gets changed?
Source IP
Which NAT is often used for outbound traffic?
Dynamic NAT
Which NAT is the most common NAT?
Dynamic NAT
Which VPN is DNAT available for?
BOVPN
In Static NAT, what IP address gets changed?
Destination IP
Which NAT is often used for inbound traffic?
Static NAT
Which NAT can SNAT be combined with?
DNAT
Which NAT allows you to configure 1 public IP to multiple servers?
Static NAT
Since you can configure 1 public IP to multiple servers, how can the traffic be differentiated?
Different ports
Which NAT maps 1 subnet to another subnet, or binds 1 IP to another IP?
1-to-1 NAT
Which IP is changed for 1-to-1 NAT?
Source and Destination IP
What is also known as HAIRPIN NAT?
NAT Loopback
What NATs are used with NAT Loopback?
SNAT & 1-to-1 NAT
Which NAT allows local clients to communicate to a public IP that points to a local server?
1-to-1 NAT
When is NAT loopback useful?
When DNS records point only at a public IP
How do you configure SNAT in Policy Manager?
Setup tab > Actions > SNAT