Palo Alto Networks Certified Network Security Administrator (PCNSA) — Question 220

An administrator wants to create a No-NAT rule to exempt a flow from the default NAT rule.
What is the best way to do this?

Answer options

• A. Create a static NAT rule translating to the destination interface.
• B. Create a static NAT rule with an application override.
• C. Create a Security policy rule to allow the traffic.
• D. Create a new NAT rule with the correct parameters and leave the translation type as None.

Correct answer: D

Explanation

The correct answer is D because creating a new NAT rule with the translation type set to None effectively exempts the specified flow from NAT processing. Options A and B involve creating static NAT rules that still apply NAT, while option C deals with security policies, which do not directly address the need for No-NAT functionality.