NSE 4 – FortiGate 6.2 — Question 14

Which two statements about central NAT are true? (Choose two.)

Answer options

• A. SNAT using central NAT does not require a central SNAT policy.
• B. Central NAT can be enabled or disabled from the CLI only.
• C. IP pool references must be removed from existing firewall policies, before enabling central NAT.
• D. DNAT using central NAT requires a VIP object as the destination address in a firewall policy.

Correct answer: B, C

Explanation

Option B is correct because central NAT can indeed be controlled exclusively via the CLI. Option C is also correct as removing IP pool references from existing firewall policies is a prerequisite for enabling central NAT. Options A and D are incorrect because SNAT does require a policy and DNAT does not require a VIP object as the destination address.