ACMP-6.4 question 36 discussion


The Aruba Policy Enforcement Firewall (PEF-NG) module supports destination network
address translation (dst-nat).
Which is the default use of this statement in an Aruba controller configuration?
A. source the IP addresses of users to specific IP address
B. redirect HTTP sessions to Captive Portal
C. redirect Access Points to another Aruba controller
D. provide a telnet connection to the controller
E. redirect a SSH session to terminate on the controller

Created 10 months, 1 week ago by PCLuis04


This is wrong. The answer is A. Primary reason for a feature like this is to facilitate communication between devices especially during redundancy HA.


Actually, this is correct. Without dst-nat, captive portal redirect wouldn't be possible. Since it's dst-nat, not src-nat, answer A doesn't fit at all.


This is SO misleading. A is definitely the technically correct answer. I understand captive portal wouldn't be possible, but either would DNAT!


it is not asked for the technically correct answer - it's asked for "[...]default use of this statement in an Aruba controller configuration?" So for this it's the only correct answer