Where in a fw monitor output would you see destination address translation occur in cases of inbound automatic static NAT?
Answer : B
You are attempting to establish an FTP session between your computer and a remote server, but it is not being completed successfully. You think the issue may be due to IPS.
Viewing SmartView Tracker shows no drops. How would you confirm if the traffic is actually being dropped by the gateway?
Answer : D
By default, the size of the fwx_alloc table is:
Answer : C
In your SecurePlatform configuration you need to set up a manual static NAT entry. After creating the proper NAT rule what step needs to be completed?
Answer : A
The "Hide internal networks behind the Gateway's external IP" option is selected. What defines what traffic will be NATted?
Answer : D
When viewing a NAT Table, What represents the second hexadecimal number of the 6- tuple:
Answer : C
Since switching your network to ISP redundancy you find that your outgoing static NAT connections are failing. You use the command _________ to debug the issue.
Answer : C
Tom is troubleshooting NAT issues using fw monitor and Wireshark. He tries to initiate a connection from the external network to a DMZ server using the public IP which the firewall translates to the actual IP of the server. He analyzes the captured packets using Wireshark and observes that the destination IP is being changed as required by the firewall but does not see the packet leave the external interface. What could be the reason?
Answer : B
Remote VPN clients can initiate connections with internal hosts, but internal hosts are unable to initiate connections with the remote VPN clients, even though the policy is configured to allow it. You think that this is caused by NAT. What command can you run to see if NAT is occurring on a packet?
Answer : D
Ann wants to hide FTP traffic behind the virtual IP of her cluster. Where is the relevant file table.def located to make this modification?
Answer : D
Which file should be edited to modify ClusterXL VIP Hide NAT rules, and where?
Answer : B
While troubleshooting a DHCP relay issue, you run a fw ctl zdebug drop and see the following output:
;[cpu_1];[fw_0];fw_log_drop: Packet proto=17 10.216.14.108:67 > 172.31.2.1:67 dropped by fw_handle_first_packet Reason: fwconn_init_links (INBOUND) failed;
Where 10.216.14.108 is the IP address of the DHCP server and 172.31.2.1 is the VIP of the Cluster. What is the most likely cause of this drop?
Answer : D
Server A is subject to automatically static NAT and also resides on a network which is subject to automatic Hide NAT. With regards to address translation what will happen when
Server A initiates outbound communication?
Answer : C
Where in a fw monitor output would you see source address translation occur in cases of automatic Hide NAT?
Answer : C
You are trying to troubleshoot a NAT issue on your network, and you use a kernel debug to verify a connection is correctly translated to its NAT address. What flags should you use for the kernel debug?
Answer : A
Have any questions or issues ? Please dont hesitate to contact us