SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Source NAT based on not equal to destinations

    Posted 08-18-2015 08:52
    Hello! Can you apply source NAT based on if the traffic is not equal to another few destinations? Basically, I want a few network ranges to go down a tunnel interface and not be source NAT'ed, but the rest of the traffic I would like to go down the default route and be source NAT'ed with the egress interface on the firewall. Not sure if this is possible or how to go about it! Many thanks, Nick


  • 2.  RE: Source NAT based on not equal to destinations
    Best Answer

     
    Posted 08-18-2015 13:25

    Hi,

     

    Yes you can do what you are asking.

     

     

    security {
        nat {
            source {
                rule-set internet {
                    from zone inside;
                    to zone outside;
                    rule no-nat {
                        match {
                            source-address [ 192.168.1.0/24 192.168.2.0/24 ];
                            destination-address [ 100.1.1.1/32 90.1.1.1/24 ];
                        }
                        then {
                            source-nat {
                                off;
                            }
                        }
                    }
                    rule nat {
                        match {
                            source-address [ 192.168.1.0/24 192.168.2.0/24 ];
                        }
                        then {
                            source-nat {
                                interface;
                            }
                        }
                    }
                }
            }
        }
    }

     

    Tim
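
Added example, not part of Tim's post: a small Python model of the rule-set above that evaluates rules in configured order with first match winning, which is why `no-nat` has to sit before `nat`. The sample flows are constructed, and reading `90.1.1.1/24` as the network 90.1.1.0/24 is an assumption.

```python
import ipaddress

# Rules from the answer's rule-set "internet", in configured order.
SOURCES = ["192.168.1.0/24", "192.168.2.0/24"]
RULE_SET = [
    {"name": "no-nat", "src": SOURCES,
     "dst": ["100.1.1.1/32", "90.1.1.1/24"], "action": "off"},
    {"name": "nat", "src": SOURCES, "dst": None, "action": "interface"},
]

def _nets(prefixes):
    # strict=False: 90.1.1.1/24 has host bits set; read it as 90.1.1.0/24 (assumption).
    return [ipaddress.ip_network(p, strict=False) for p in prefixes]

def _hit(addr, prefixes):
    # A rule that lists no prefixes for a field matches any address.
    return prefixes is None or any(addr in n for n in _nets(prefixes))

def evaluate(src, dst, rules=RULE_SET):
    """Return (rule name, action) of the first matching rule, or (None, 'no-match')."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if _hit(s, rule["src"]) and _hit(d, rule["dst"]):
            return rule["name"], rule["action"]
    return None, "no-match"

def audit(flows, rules=RULE_SET):
    """Map each (src, dst) flow to the source-NAT action it would receive."""
    return {f: evaluate(*f, rules)[1] for f in flows}

# Constructed sample flows (not from the thread).
FLOWS = [
    ("192.168.1.10", "100.1.1.1"),   # exempt destination
    ("192.168.2.20", "90.1.1.77"),   # inside the exempt /24
    ("192.168.1.10", "8.8.8.8"),     # everything else from the listed sources
    ("10.0.0.5", "8.8.8.8"),         # source not covered by either rule
]

if __name__ == "__main__":
    for flow, action in audit(FLOWS).items():
        print(flow, "->", action)
    # With the order reversed, the catch-all rule shadows the exemption.
    print("reversed order:", audit(FLOWS, RULE_SET[::-1]))
```

Running it with the rules reversed shows the exempt destinations being translated too, so the order of the two rules is the thing to check when auditing a rule-set like this.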

     



  • 3.  RE: Source NAT based on not equal to destinations

    Posted 08-19-2015 02:23
    Works perfectly, many thanks!!