Klaus,
Thank you for your reply. I am trying to configure servers within my DMZ and on my Internal network to accept connections from the Internet. I will have web servers, FTP servers, and SMTP servers in the DMZ that will be accessed from the Internet. And I will have servers on my Internal network that will also have connections from the Internet. I also need to do at least one static mapping for the mail server on my Internal network so that reverse DNS lookups will work when I send mail out to the Internet.
In ScreenOS this was easy: create a MIP that will do bi-directional NAT and then create Untrust-to-Trust policies, using the MIP as the destination address for incoming packets, and assign protocols as needed.
This logic seems different for the SRX. In the SRX policy definition, I would think that the source address would be "any", since it's coming from the Internet, and the destination address would be the server's public address, since that is the address the user is targeting.
Following that logic, I am using the J-Web GUI to create Policy Elements in the Untrust zone and assigning them the public addresses of the servers. But then I can't use these elements in my policies, because they show up in the source address window, not the destination address window. The logic seems backward.
I have read some of the documentation, but I'm still not certain.
Regards,
Dan