SRX Next-Gen Firewalls



  • 1.  SRX NAT Translation Help

    This message was posted by a user wishing to remain anonymous
    Posted 05-24-2022 05:55

    Hi guys, 

    I got a simple setup here, but I am not getting any translation hits at all on my configuration.
    Unable to ping them both ways.
    So I want to NAT a private IP (Trust) to a private IP (Untrust) on port 443 https. Traffic is outbound, going to the WebGUI (443).
    Can anyone check my config and diagram please, thanks. 

    set security nat static rule-set rs1 from zone untrust 
    
    set security nat static rule-set rs1 rule r1 match destination-address 172.16.200.177/32 
    set security nat static rule-set rs1 rule r1 then static-nat prefix 10.160.200.177/32 
    set security nat proxy-arp interface ge-0/0/0.0 address 172.16.200.177/32
    set security address-book global address USER-1 10.160.200.177/32 
    
    set security policies from-zone trust to-zone untrust policy permit-all match source-address USER-1
    set security policies from-zone trust to-zone untrust policy permit-all match destination-address any 
    set security policies from-zone trust to-zone untrust policy permit-all match application any 
    set security policies from-zone trust to-zone untrust policy permit-all then permit 
    
    set security policies from-zone untrust to-zone trust policy server-access match source-address any 
    set security policies from-zone untrust to-zone trust policy server-access match destination-address USER-1 
    set security policies from-zone untrust to-zone trust policy server-access match application any
    set security policies from-zone untrust to-zone trust policy server-access then permit


  • 2.  RE: SRX NAT Translation Help

    Posted 28 days ago
    set security nat source rule-set r1 from zone trust
    set security nat source rule-set r1 to zone untrust
    set security nat source rule-set r1 rule r1-interface match source-address 0.0.0.0/0
    set security nat source rule-set r1 rule r1-interface match destination-address 0.0.0.0/0
    set security nat source rule-set r1 rule r1-interface then source-nat interface

    set security policies from-zone trust to-zone untrust policy WEB_UNTRUST match source-address USER-1
    set security policies from-zone trust to-zone untrust policy WEB_UNTRUST match destination-address any
    set security policies from-zone trust to-zone untrust policy WEB_UNTRUST match dynamic-application junos-https
    set security policies from-zone trust to-zone untrust policy WEB_UNTRUST then log session-close
    set security policies from-zone trust to-zone untrust policy WEB_UNTRUST then count


    ------------------------------
    Jamie Graham
    ------------------------------