I need to assign a public IP to a server. I have a /29 public range and use NAT for other servers, but this one must be accessed by public IP address without NAT, in an internal/trust zone from the untrust/external zone. How do I set it up? Is it possible?
It's definitely possible to do so - but you cannot have the same public range on multiple interfaces, so to accomplish this you need either an extra /30 or to get your existing /29 divided into two /30s.
Then you can create an interface with the public prefix and assign it either to the existing trust zone or create a new (dmz?) zone.
Possibly a new zone is easier to avoid colliding with existing NAT rules.
Either way, you will also need your ISP to route the public prefix to the WAN IP of your SRX320 to ensure routing is done correctly.
I hope this brings you a bit closer to a solution. Let us know if you need more input.
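A sketch of the setup described in the answer above, as an added example that is not part of the original thread. The interface name, zone name, addresses (taken from the 203.0.113.0/24 documentation range) and the choice of HTTPS as the exposed service are all assumptions; it also assumes the existing source NAT rule-set is scoped to the trust zone.

```junos
# Constructed values: ge-0/0/3, zone "dmz", 203.0.113.8/30 (documentation range),
# server at 203.0.113.10, HTTPS as the only exposed service.

# Routed public prefix on its own interface; the SRX is the server's gateway.
set interfaces ge-0/0/3 unit 0 family inet address 203.0.113.9/30

# Separate zone so a trust-to-untrust source NAT rule-set does not match this traffic.
set security zones security-zone dmz interfaces ge-0/0/3.0

# Address-book entry for the server's public address.
set security address-book global address public-server 203.0.113.10/32

# Inbound: permit only the service the server must expose, and log new sessions.
set security policies from-zone untrust to-zone dmz policy allow-https match source-address any
set security policies from-zone untrust to-zone dmz policy allow-https match destination-address public-server
set security policies from-zone untrust to-zone dmz policy allow-https match application junos-https
set security policies from-zone untrust to-zone dmz policy allow-https then permit
set security policies from-zone untrust to-zone dmz policy allow-https then log session-init

# Outbound from the server; it stays un-NATed as long as no NAT rule-set references zone dmz.
set security policies from-zone dmz to-zone untrust policy server-out match source-address public-server
set security policies from-zone dmz to-zone untrust policy server-out match destination-address any
set security policies from-zone dmz to-zone untrust policy server-out match application any
set security policies from-zone dmz to-zone untrust policy server-out then permit
```

After committing, `show security nat source rule all` confirms which zones the NAT rules cover, and `show security flow session destination-prefix 203.0.113.10` shows whether sessions to the server are passing untranslated.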
Thank you very much for helping here. One last question: is it possible to assign a public IP range to an IRB and NAT to private addresses? I did try to find articles about it but I didn't succeed on this yet. I'll try your first solution soon. Thank you again.
Yeah, you can easily do the same with an irb interface as you would with a physical one. It can be both public and internal addresses, all NAT types work the same and proxy-arp can also be done.
So now I've got a new /28 > split it up into 2 x /29, on 2 different interfaces.
I got internet connection egress and NAT to private IP ingress on one.
But only internet connection egress on the other.
If I would like to STATIC NAT to a public address on the private side of the firewall, then should I just set up static NAT with:
destination address = public IP, prefix = public IP? And then firewall rules.
And should I set up proxy ARP?