Can a Check Point gateway translate both source IP address and destination IP address in a given packet?
A. Yes.
B. No.
C. Yes, but only when using Automatic NAT.
D. Yes, but only when using Manual NAT.
|
Download Printable PDF. VALID exam to help you PASS. |
 |
Enabling Manual NAT
For some deployments, it is necessary to manually define the NAT rules. Create SmartDashboard objects that use the valid (NATed) IP addresses. Create NAT rules to translate the original IP addresses of the objects to valid IP addresses. Then configure the Firewall Rule Base to allow traffic to the applicable translated objects with these valid IP addresses.
Note – For manual NAT rules, it is necessary to configure proxy ARPs to associate the translated IP address.
These are some situations that must use manual NAT rules:
Rules that are restricted to specified destination IP addresses and to specified source IP addresses
Translate both source and destination IP addresses in the same packet.
Static NAT in only one direction
Translate services (destination ports)
Rules that only use specified services (ports)
Translate IP addresses for dynamic objects
From: https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/6724.htm
The Firewall can change both the source and destination IP addresses in a packet. For example, when an internal computer sends a packet to an external computer, the Firewall translates the source IP address to a new one. The packet comes back from the external computer, the Firewall translates the new IP address back to the original IP address. The packet from the external computer goes to the correct internal computer.
I think they mean “connection” but it is stated as “packet”.
Answer is:
.
.
.
A.
.
Source:
.
https://sc1.checkpoint.com/documents/R76/CP_R76_Firewall_WebAdmin/6724.htm
D
D ?