I am struggling to understand SNAT.
Below is the flow session:
Session ID: 443, Policy name: OK/6, Timeout: 2, Valid
In: 192.168.111.2/51744 --> 91.201.212.238/80;tcp, Conn Tag: 0x0, If: ge-0/0/0.0, Pkts: 6, Bytes: 430,
Out: 91.201.212.238/80 --> 172.30.124.59/16613;tcp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 4, Bytes: 467,
We can say, there is a SNAT applied as the source is changed from 192.168.111.2 to 172.30.124.59.
Now, when we look at the SRX packet handling diagram:
The route lookup actually happened before SNAT. So, my confusion is:
- If the route lookup is done before SNAT, then how can the SRX know where to forward the packet after doing SNAT, as I mentioned in the above flow session example?
- If the SNAT configuration has all the routing-related information, such as the zone and which interface to go out of, then it still applies to the policy check; however, the policy check is also done before SNAT.
Please share your thoughts so that it makes sense how actually SRX behaves in this scenario.
Thank you.
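Reading the two wings of the session shown in the question, as an added example that is not part of the original post: the sketch below parses flow session output in the format quoted above and reports which addresses were translated. The function names `parse_sessions` and `nat_summary` are hypothetical, and the sample text is the session from the post.

```python
import re

# Constructed sample: the session quoted in the post above.
SAMPLE = """\
Session ID: 443, Policy name: OK/6, Timeout: 2, Valid
In: 192.168.111.2/51744 --> 91.201.212.238/80;tcp, Conn Tag: 0x0, If: ge-0/0/0.0, Pkts: 6, Bytes: 430,
Out: 91.201.212.238/80 --> 172.30.124.59/16613;tcp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 4, Bytes: 467,
"""

WING = re.compile(
    r"^\s*(In|Out):\s+(\S+?)/(\d+)\s+-->\s+(\S+?)/(\d+);(\w+),.*?If:\s*([^,\s]+)",
    re.M)
HEADER = re.compile(r"^Session ID:\s*(\d+),\s*Policy name:\s*([^,]+),", re.M)

def parse_sessions(text):
    """Return one dict per session, holding its In and Out wings."""
    sessions = []
    for block in re.split(r"(?=^Session ID:)", text, flags=re.M):
        head = HEADER.search(block)
        if not head:
            continue
        s = {"id": int(head.group(1)), "policy": head.group(2).strip()}
        for d, sip, sport, dip, dport, proto, ifname in WING.findall(block):
            s[d.lower()] = {"src": (sip, int(sport)), "dst": (dip, int(dport)),
                            "proto": proto, "if": ifname}
        if "in" in s and "out" in s:
            sessions.append(s)
    return sessions

def nat_summary(s):
    """The Out wing describes return traffic, so without NAT it is the exact
    mirror of the In wing. Any difference is a translation."""
    i, o = s["in"], s["out"]
    result = {
        "ingress_if": i["if"],   # interface the first packet arrived on
        "egress_if": o["if"],    # interface the session forwards out of
        "source_nat": None, "destination_nat": None,
    }
    if o["dst"] != i["src"]:     # replies go to a different address: source NAT
        result["source_nat"] = (i["src"], o["dst"])
    if o["src"] != i["dst"]:     # replies come from a different address: destination NAT
        result["destination_nat"] = (i["dst"], o["src"])
    return result

if __name__ == "__main__":
    for sess in parse_sessions(SAMPLE):
        print(sess["id"], sess["policy"], nat_summary(sess))
```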