Limited Time Offer
15%
Off
Here are all the actual test exam dumps for IT exams. Most people prepare for the actual exams with our test dumps to pass their exams. So it's critical to choose and actual test pdf to succeed.
Exam NSE4_FGT_AD-7.6 Topic 1 Question 138 Discussion
Actual exam question for Fortinet's NSE4_FGT_AD-7.6 exam
Question #: 138
Topic #: 1
Question #: 138
Topic #: 1
Refer to the exhibits.
A diagram of a FortiGate device connected to the network, as well as the firewall policy and IP pool configuration on the FortiGate device are shown.
Two PCs. PC1 and PC2, are connected behind FortiGate and can access the internet successfully. However, when the administrator adds a third PC to the network (PC3), the PC cannot connect to the internet.
Based on the information shown in the exhibit, which two configuration options can the administrator use to fix the connectivity issue for PC3? (Choose two.)
A diagram of a FortiGate device connected to the network, as well as the firewall policy and IP pool configuration on the FortiGate device are shown.
Two PCs. PC1 and PC2, are connected behind FortiGate and can access the internet successfully. However, when the administrator adds a third PC to the network (PC3), the PC cannot connect to the internet.
Based on the information shown in the exhibit, which two configuration options can the administrator use to fix the connectivity issue for PC3? (Choose two.)
Suggested Answer: B,D Vote an answer
From the exhibits:
The firewall policy has NAT enabled and is configured to Use Dynamic IP Pool.
The selected IP pool (Internet-pool) is configured as:
Type: One-to-One
External IP Range: 100.65.0.110-100.65.0.111 (only two public IPs)
PC1 and PC2 can access the internet because each one-to-one NAT mapping consumes one public IP from the pool. When PC3 is added, there is no third public IP available in the pool, so FortiGate cannot allocate a one-to-one mapping for PC3 and the session fails.
FortiOS behavior here is standard: with one-to-one IP pools, the available pool size limits how many distinct internal sources can be translated concurrently (depending on allocation and sessions), and a pool with only two IPs will not reliably support three separate hosts needing translations.
Therefore, the administrator can fix this in two valid ways:
B . In the IP pool configuration, set end ip to 100.65.0.112.
This expands the pool by adding an additional public IP address, making three public IPs available (.110, .111, .112), so PC3 can be assigned an address for one-to-one NAT.
D . In the IP pool configuration, set type to overload.
Changing the pool type to overload enables PAT (many-to-one), allowing multiple internal hosts (PC1, PC2, PC3) to share the pool address(es) using different source ports. This removes the "one public IP per internal host" limitation inherent to one-to-one pools.
Why the other options are not correct:
A . Multiple Interface Policies is unrelated to IP pool exhaustion and does not solve NAT allocation limits.
C . match-vip affects VIP matching behavior for destination NAT/virtual IP usage and does not address the source NAT pool shortage causing PC3 to fail.
The firewall policy has NAT enabled and is configured to Use Dynamic IP Pool.
The selected IP pool (Internet-pool) is configured as:
Type: One-to-One
External IP Range: 100.65.0.110-100.65.0.111 (only two public IPs)
PC1 and PC2 can access the internet because each one-to-one NAT mapping consumes one public IP from the pool. When PC3 is added, there is no third public IP available in the pool, so FortiGate cannot allocate a one-to-one mapping for PC3 and the session fails.
FortiOS behavior here is standard: with one-to-one IP pools, the available pool size limits how many distinct internal sources can be translated concurrently (depending on allocation and sessions), and a pool with only two IPs will not reliably support three separate hosts needing translations.
Therefore, the administrator can fix this in two valid ways:
B . In the IP pool configuration, set end ip to 100.65.0.112.
This expands the pool by adding an additional public IP address, making three public IPs available (.110, .111, .112), so PC3 can be assigned an address for one-to-one NAT.
D . In the IP pool configuration, set type to overload.
Changing the pool type to overload enables PAT (many-to-one), allowing multiple internal hosts (PC1, PC2, PC3) to share the pool address(es) using different source ports. This removes the "one public IP per internal host" limitation inherent to one-to-one pools.
Why the other options are not correct:
A . Multiple Interface Policies is unrelated to IP pool exhaustion and does not solve NAT allocation limits.
C . match-vip affects VIP matching behavior for destination NAT/virtual IP usage and does not address the source NAT pool shortage causing PC3 to fail.
by Jo at Mar 30, 2026, 03:15 AM
Here are all the actual test exam dumps for IT exams. Most people prepare for the actual exams with our test dumps to pass their exams. So it's critical to choose and actual test pdf to succeed.
RECENT DISCUSSIONS
- Exam GCSA Topic 1 Question 82 Discussion
- Exam CMT-Level-I Topic 1 Question 63 Discussion
- Exam FCP_FAZ_AN-7.6 Topic 2 Question 12 Discussion
- Exam AI-103 Topic 1 Question 6 Discussion
- Exam DP-750 Topic 1 Question 33 Discussion
- Exam NCP-AI Topic 3 Question 17 Discussion
- Exam IN101_V7 Topic 1 Question 20 Discussion
Contact Us
From Monday to Saturday
Support: Contact now
If you have any question please leave me your email address, we will reply and send email to you in 12 hours.
Copyright © 2026 Actual4test NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy
Disclaimer:
Actual4test doesn't offer Real SANS and GIAC Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates
Actual4test material do not contain actual actual Oracle Exam Questions or material.
Actual4test doesn't offer Real Microsoft Exam Questions.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation
Actual4test Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Actual4test does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. Actual4test does not own or claim any ownership on any of the brands.
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).