A company hosts a publicly accessible web server behind a Palo Alta Networks next-generation firewall with the following configuration information:
*Users outside the company are in the "Untrust-L3" zone.
*The web server physically resides in the "Trust-L3" zone.
*Web server public IP address: 18.104.22.168.
*Web server private IP address: 192.168.1.10.
Which two items must the NAT policy contain to allow users in the Untrust-L3 zone to access the web server? (Choose two.)
A. Untrust-L3 for both Source and Destination Zone
B. Destination IP of 192.168.1.10
C. Untrust-L3 for Source Zone and Trust-L3 for Destination Zone
D. Destination IP of 22.214.171.124
C: Restrict access from the Internet to the servers on the DMZ to specific server IP addresses only.
For example, you might only allow users to access the webmail servers from outside
Zone: Untrust to DMZ
D: Set the Destination Address to the Public web server address object you created earlier. The public web server address object references the public
IP address-126.96.36.199-“of the web server that is accessible on the DMZ.