A network administrator configures a firewall policy to allow HTTP traffic from the internal network (10.0.0.0/8) to a web server (172.16.1.10). Users on the 10.0.0.0/8 network cannot access the web server, but other internal users can. The administrator checks the policy list and sees the policy is enabled and in the correct position. What is the most likely cause?
Trap 1: The policy is placed below a deny-all policy
The administrator checked policy order and it is correct.
Trap 2: NAT is not configured on the policy
NAT is not required for internal-to-internal traffic.
Trap 3: The policy is disabled
The administrator already verified the policy is enabled.
- A
The policy is placed below a deny-all policy
Why wrong: The administrator checked policy order and it is correct.
- B
NAT is not configured on the policy
Why wrong: NAT is not required for internal-to-internal traffic.
- C
The firewall does not have a route to the 10.0.0.0/8 network
Without a route, traffic from that network will be dropped.
- D
The policy is disabled
Why wrong: The administrator already verified the policy is enabled.