Weird problem with SRX340...
Static NAT works fine normally (once it "takes"), but a newly committed static NAT config has no effect until the machine is rebooted. Then it shows and works fine.
Firmware: 18.2R3-S2.9
Here's an example with three static NATs. First rule (below) was set up some time ago, working fine now; second was set up recently, but didn't show up or work until machine was rebooted (it's also working fine now). Third rule below I just set up & committed now; and as you can see from the second clip below, it doesn't even show up. Why??
[edit]
root@DCCA# show security nat static
rule-set static {
from zone untrust;
rule 1-server-B {
description Server-B;
match {
destination-address 1.1.1.1/32;
}
then {
static-nat {
prefix {
10.1.1.1/32;
}
}
}
}
rule 2-server-C {
match {
destination-address 1.1.1.2/32;
}
then {
static-nat {
prefix {
10.2.2.2/32;
}
}
}
}
rule 3-server-O {
match {
destination-address 1.1.1.3/32;
}
then {
static-nat {
prefix {
10.3.3.3/32;
}
}
}
}
}
[edit]
root@DCCA# run show security nat static rule all
Total static-nat rules: 2
Total referenced IPv4/IPv6 ip-prefixes: 4/0
Static NAT rule: 1-SERVER-B Rule-set: static
Description : Server B
Rule-Id : 1
Rule position : 1
From zone : untrust
Destination addresses : 1.1.1.1
Host addresses : 10.1.1.1
Netmask : 32
Host routing-instance : N/A
Translation hits : 10110151
Successful sessions : 9905411
Failed sessions : 204740
Number of sessions : 81
Static NAT rule: 2-SERVER-C Rule-set: static
Rule-Id : 2
Rule position : 2
From zone : untrust
Destination addresses : 1.1.1.2
Host addresses : 10.2.2.2
Netmask : 32
Host routing-instance : N/A
Translation hits : 1286651
Successful sessions : 1286402
Failed sessions : 249
Number of sessions : 24
I've seen it with this machine several times now. If the machine is rebooted, everything all work as configured. But if I change the public IP, or the rule name, it no longer takes effect. Config stays, and it commits fine...but there is no functional NAT.
If more detail is needed, just say so!