Palo Alto Networks Network Security Analyst — Question 5

What is the most granular method for ensuring that traffic to a firewall’s public IP address on the public interface is translated to the private IP address of the web server?

Answer options

• A. Create one NAT policy, ensure the policy has original packet destination IP as the public IP address and translated packet destination IP as the private IP address, and mark Bi-directional as "Yes."
• B. Create one NAT policy, set the source address to the public IP address and destination address to the private IP address, and ensure Bi-directional is checked.
• C. Create two static NAT policies, ensure one policy has original packet destination IP as the public IP address and translated packet destination IP as the private IP address, ensure the other policy has original packet source IP as the private IP address and the translated packet source IP as the public IP address.
• D. Create one NAT policy, ensure the policy has original packet source IP as the private IP address and the translated packet source IP as the public IP address, and mark Bi-directional as "Yes."

Correct answer: A

Explanation

Option A is correct because it specifies creating a single NAT policy that translates traffic from the public IP to the private IP with bi-directional capability, ensuring accurate traffic routing. The other options either misconfigure the directionality or involve unnecessary multiple policies, which do not provide the same level of granularity for this specific scenario.