public ip behind srx320

    Posted 10-14-2020

    Hi there,


    I need to assign a public ip to a server. I have a /29 public range and use NAT for other server but this one must be accessed by public ip address without NAT, in a internal/trust zone from untrst/external zone. How do i set it up? is it possible?


    Thank you.



    Posted 10-14-2020

    Hi Carsten,


    it's definitely possible to do so - but you cannot have the same public range on multiple interfaces so to accomplish this you need either an extra /30 or get your existing /29 divided into two /30's.


    The you can create an interface with the public prefix and assign either to the existing trust zone or create a new (dmz?) zone.

    Possibly a new zone is easier to avoid colliding with existing NAT rules.


    You will either way also need your ISP to route the public prefix to the WAN ip of your SRX320 to ensure routing is done correctly.


    I hope this brings you a bit closer to a solution. Let us know if you need more input.

    Posted 10-14-2020

    Hi Jonas,


    Thank you very much helping here. One last question, is it possible to assign public ip range to IRB and nat to private addresses. I did try to find articles about it but i didn't succeed on this yet. I'll try your first solution soon. Thank you again.

    Posted 10-14-2020

    Hi Carsten,


    yeah you can easily do the same with an irb interface as you would with a physical one. It can be both public and internal addresses, all NAT types works the same and proxy-arp can also be done.

    Posted 12-21-2020
    Posted 01-19-2021
    Just wanted to let you know i got to work. Thanl you.