Which of the following statements about central NAT are true? (Choose two.)
A. IP tool references must be removed from existing firewall policies before enabling central NAT.
B. Central NAT can be enabled or disabled from the CLI only.
C. Source NAT, using central NAT, requires at least one central SNAT policy.
D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall.
AB are correct
NSE 4 SG security 7.0 p. 169
B is not correct for FortiOS 6.4
Which of the following statements about central NAT are true? FortiGate_security_6.4_study_Guide_Online pdf (Page164)
By Default, central NAT is disabled and can only be enabled on the CLI FortiGate_security_6.4_study_Guide_Online pdf (Page164)
A and B are correct. See FortiGate_Security_6.2_Study_Guide-Online Page 164
A is correct:
“Must remove VIP and IP pool references from existing policies…”
https://www.coursehero.com/file/29790754/L2-FortiGate-I-04-NATpdf/
B is correct:
Fortigate Study Guide Page 135:
“By default, Central NAT is disabled and can only be enabled on the CLI”.
A. IP pool references, not IP tool.