NSE 4 – FortiGate 5.4 — Question 32

Which of the following statements about central NAT are true? (Choose two.)

Answer options

• A. IP tool references must be removed from existing firewall policies before enabling central NAT.
• B. Central NAT can be enabled or disabled from the CLI only.
• C. Source NAT, using central NAT, requires at least one central SNAT policy.
• D. Destination NAT, using central NAT, requires a VIP object as the destination address in a firewall policy.

Correct answer: A, B

Explanation

Option A is correct because IP tool references need to be removed to prevent conflicts once central NAT is enabled. Option B is also correct as central NAT can only be managed via the CLI, whereas options C and D are incorrect because they do not necessarily relate to the enabling of central NAT itself.