Why, when I look at my web server logs, do I see the firewall LAN (Trust) IP instead of the user's IP?
2023-01-07 12:19:22 10.10.20.199 GET /Portals/0/Images/laptop_bgd.jpg - 80 - 10.10.20.254 Mozilla/5.0+(Macintosh;+Intel+Mac+OS+X+10_15_7)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/108.0.0.0+Safari/537.36 http://XXX.182.158.199/ 200 0 0 148
Static NAT XXX.182.158.199 --> 10.10.20.199
Proxy ARP setup and security policy allow HTTP
------------------------------
JAY ECHOUAFNI
------------------------------
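The symptom in the post above, as an added example that is not part of the original post: a server that records the firewall's trust-side address as `c-ip` for requests that reached it through the public address is seeing source-translated traffic, so its logs no longer identify the real client. The sketch below parses IIS W3C log lines and counts such entries. Assumptions: the trust subnet is 10.10.20.0/24, 203.0.113.10 stands in for the redacted public address, the sample log is constructed from the line on the page, and all function names are hypothetical.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Assumed trust-side subnet; the page shows only 10.10.20.199 and 10.10.20.254.
TRUST_NET = ipaddress.ip_network("10.10.20.0/24")

# Constructed sample in the IIS default W3C field order. 203.0.113.10 is a
# stand-in for the redacted public (static NAT) address.
SAMPLE = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2023-01-07 12:19:22 10.10.20.199 GET /Portals/0/Images/laptop_bgd.jpg - 80 - 10.10.20.254 Mozilla/5.0+(Macintosh) http://203.0.113.10/ 200 0 0 148
2023-01-07 12:19:25 10.10.20.199 GET /default.aspx - 80 - 10.10.20.254 Mozilla/5.0+(Windows+NT+10.0) http://203.0.113.10/ 200 0 0 95
2023-01-07 12:20:01 10.10.20.199 GET /default.aspx - 80 - 10.10.20.31 Mozilla/5.0+(X11) http://10.10.20.199/ 200 0 0 12
2023-01-07 12:21:40 10.10.20.199 GET /default.aspx - 80 - 198.51.100.7 curl/7.88 - 200 0 0 20
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def to_ip(value):
    """Return an ip_address object, or None for '-', hostnames or redacted text."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def masked_clients(text):
    """Count trust-subnet c-ip values on requests whose Referer is an outside IP."""
    hits = Counter()
    for row in parse_w3c(text):
        ref = to_ip(urlsplit(row.get("cs(Referer)", "-")).hostname or "")
        client = to_ip(row.get("c-ip", "-"))
        if ref is None or client is None:
            continue
        if ref not in TRUST_NET and client in TRUST_NET:
            hits[str(client)] += 1
    return hits

if __name__ == "__main__":
    print(masked_clients(SAMPLE))
```

A single internal address accumulating every externally referred request is the pattern to look for; the Referer heuristic only catches requests that carry one, so first-hit requests without a Referer are not counted.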
Original Message:
Sent: 01-05-2023 16:23
From: JAY ECHOUAFNI
Subject: NAT Problem
I fixed the issue
------------------------------
JAY ECHOUAFNI
Original Message:
Sent: 01-05-2023 10:15
From: JAY ECHOUAFNI
Subject: NAT Problem
I set up a static NAT for my server 10.10.20.199 to XXX.182.158.199 and have a security policy to allow untrust port 80 to that server behind the SRX345. But the server does not see the internet and the internet does not see the server. I am used to the ISG-2000, so J-Web is new to me.
set security nat source rule-set nsw_srcnat from zone trust
set security nat source rule-set nsw_srcnat to zone untrust
set security nat source rule-set nsw_srcnat rule nsw-src-interface match source-address 0.0.0.0/0
set security nat source rule-set nsw_srcnat rule nsw-src-interface match destination-address 0.0.0.0/0
set security nat source rule-set nsw_srcnat rule nsw-src-interface then source-nat interface
set security nat destination pool Win-2019 address 10.10.20.199/32
set security nat destination pool Win-2019 address port 80
set security nat static rule-set Servers from zone untrust
set security nat static rule-set Servers rule MIP match destination-address XXX.182.158.199/32
set security nat static rule-set Servers rule MIP then static-nat prefix 10.10.20.199/32
set security nat proxy-arp interface ge-0/0/0.0 address XXX.182.158.199/32
set security policies from-zone trust to-zone trust policy trust-to-trust match source-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match destination-address any
set security policies from-zone trust to-zone trust policy trust-to-trust match application any
set security policies from-zone trust to-zone trust policy trust-to-trust then permit
set security policies from-zone trust to-zone untrust policy our-internet-policy match source-address any
set security policies from-zone trust to-zone untrust policy our-internet-policy match destination-address any
set security policies from-zone trust to-zone untrust policy our-internet-policy match application any
set security policies from-zone trust to-zone untrust policy our-internet-policy then permit
set security policies from-zone untrust to-zone trust policy Test-Trusted match source-address any
set security policies from-zone untrust to-zone trust policy Test-Trusted match destination-address 10.10.20.199
set security policies from-zone untrust to-zone trust policy Test-Trusted match application junos-http
set security policies from-zone untrust to-zone trust policy Test-Trusted match application RDP
set security policies from-zone untrust to-zone trust policy Test-Trusted match application junos-dns-udp
set security policies from-zone untrust to-zone trust policy Test-Trusted match application junos-icmp-ping
set security policies from-zone untrust to-zone trust policy Test-Trusted match application junos-ping
set security policies from-zone untrust to-zone trust policy Test-Trusted match source-identity any
set security policies from-zone untrust to-zone trust policy Test-Trusted match dynamic-application any
set security policies from-zone untrust to-zone trust policy Test-Trusted then permit
set security policies from-zone untrust to-zone trust policy our-deny-policy match source-address any
set security policies from-zone untrust to-zone trust policy our-deny-policy match destination-address any
set security policies from-zone untrust to-zone trust policy our-deny-policy match application any
set security policies from-zone untrust to-zone trust policy our-deny-policy then deny
set security policies pre-id-default-policy then log session-close
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic system-services ssh
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces irb.0
set security zones security-zone trust interfaces ge-0/0/7.0
set security zones security-zone untrust screen untrust-screen
set security zones security-zone untrust host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services tftp
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services https
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set protocols rstp interface all
set routing-options static route 0.0.0.0/0 next-hop XXX.182.144.1
------------------------------
JAY ECHOUAFNI
------------------------------