It depends on if the interface IP address is included in your source NAT statement and if you have a policy to permit the traffic. If so, you should be able to. If you were to just do "ping 126.96.36.199", it should use the public interface though.
Capture the traffic flow to see what is happening.
Example 2 from
Please refer the KB to NAT the SRX self generated traffic:
Thank You Nellika for your response , it works now
You current nat rule is from the zone of the interface to the untrust which will cover all hosts connected to that subnet behind the SRX.
But the SRX itself and all of its interfaces are in the junos-host zone. So you need to add a rule from zone junos-host to zone untrust to apply nat to these interfaces.
Thanks spuluka .
Dear All ,
As updated earlier my query has been answered and i tested and it works fine but my doubt is i dont have a rule for junos host from trust to untrust but the rule i have configured earlier is for remote access to junos host from untrust so that i can access junos remotely so how come only nating made trust interface ip on the junos reach the internet .
By default access outbound from junos-host is always permitted so no configuration as needed to allow outbound ping from the SRX.
For inbound connections to the SRX permissions are granted based on the zone configuration under host inbound traffic. If the service or protocol is permitted by the zone setting then it allows all inbound to the SRX by default.
You only need to configure security policy with the junos-host zone if you want to override these settings to either restict outbound traffic from the default allow all. Or restrict inbound traffic by ip address instead of just protocol or service.
Thank You for Quick Reply .