Watchguard Network Security Practice Test

If you want all traffic from a privately addressed email server to appear as coming from a specific public IP, which form of NAT should you use?

• A. Select dynamic NAT in the SMTP policy and set the source IP to 203.0.113.25.
• B. Create a global dynamic NAT rule for the email server and set the source IP to 203.0.113.25.
• C. Create a static NAT action for the email server and set the source IP to 203.0.113.25.
• D. Apply dynamic NAT to all traffic in the policy for the email server.

The correct answer is: Create a global dynamic NAT rule for the email server and set the source IP to 203.0.113.25.

To achieve the goal of making all traffic from a privately addressed email server appear as though it is coming from a specific public IP, the most suitable approach is to create a global dynamic NAT rule. This method allows for the translation of private IP addresses to a designated public IP address, ensuring that any outgoing connections from the email server are consistently shown as originating from that single public IP, 203.0.113.25. Global dynamic NAT operates by translating the source address of traffic leaving the network based on predefined rules. By specifying the source IP in the global dynamic NAT rule, you ensure that all outgoing traffic from the email server will be mapped to the specified public IP address. This creates a cohesive and recognizable external identity for the email server, which is particularly useful for receiving or interacting with external services that require whitelisting or monitoring. Utilizing this method promotes better control over IP management and facilitates compliance with external requirements, such as reverse DNS and logging, which are common in many organizational policies. It ensures reliable communication and reduces the complexity of keeping track of multiple public IPs for outbound communications from a single email server.