Hello,
The config looks good to me.
Could be a return routing issue as well.
Please check the sessions and see whether the session table is being built. If yes, then we are not blocking anything.
You may take flow traces to confirm the processing of the outgoing packet and the incoming packet (if there is any):
set security flow traceoptions file FLOWTRACE size 10m
set security flow traceoptions flag basic-datapath
set security flow traceoptions packet-filter pf1 source-prefix x.x.x.x
set security flow traceoptions packet-filter pf1 destination-prefix x.x.x.x
set security flow traceoptions packet-filter pf2 source-prefix x.x.x.x
set security flow traceoptions packet-filter pf2 destination-prefix x.x.x.x
commit and-quit
> show log FLOWTRACE
Regards,
------------------------------
Brijil R
------------------------------
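An added example, not part of Brijil R's reply or of any Juniper tooling: a small Python reader for the FLOWTRACE output that the traceoptions above produce. It answers the three things the reply asks for from the trace: whether the outgoing packet was allowed and a session installed, which address the source was translated to, and whether any reply packet ever came back. The trace text inside the script is constructed to resemble basic-datapath output, and the parser only keys on the markers a practitioner greps for in the real log (matched filter, no session found, nat_src_xlated, flow_first_install_session, flow got session, denied by policy). It assumes pf1 is the outgoing filter (DMZ host to Internet) and pf2 the return filter (Internet to the pool address), which is the usual way to pair the two packet-filters.

```python
"""Read a Junos 'basic-datapath' flow trace and report what happened to each
packet that hit a packet-filter.  Added example, not from the original thread.

The trace below is constructed to resemble real FLOWTRACE output; the parser
keys only on the substrings a practitioner looks for in the real log.
pf1 is assumed to be the outgoing direction and pf2 the return direction.
"""
import re

# Constructed trace: one new DMZ flow that is translated and installed, a second
# packet of the same flow hitting the existing session, and no packet at all
# matching the return-direction filter pf2.
TRACE = """\
Feb  4 09:12:33 09:12:33.501234:CID-0:RT:<192.168.10.20/40001->203.0.113.9/53;17> matched filter pf1:
Feb  4 09:12:33 09:12:33.501234:CID-0:RT:  no session found, start first path. in_tunnel - 0x0, from_cp_flag - 0
Feb  4 09:12:33 09:12:33.501234:CID-0:RT:  flow_first_src_xlate: nat_src_xlated: True, nat_src_xlated_ip: 1.2.3.5, nat_src_xlated_port: 40001
Feb  4 09:12:33 09:12:33.501234:CID-0:RT:  flow_first_install_session......
Feb  4 09:12:34 09:12:34.001234:CID-0:RT:<192.168.10.20/40001->203.0.113.9/53;17> matched filter pf1:
Feb  4 09:12:34 09:12:34.001234:CID-0:RT:  flow got session.
Feb  4 09:12:34 09:12:34.001234:CID-0:RT:  flow session id 6005
"""

FILTER_RE = re.compile(
    r"<(?P<src>[\d.]+)/(?P<sp>\d+)->(?P<dst>[\d.]+)/(?P<dp>\d+);(?P<proto>\d+)> matched filter (?P<filt>\S+):")
XLATE_RE = re.compile(r"nat_src_xlated: (?P<flag>True|False)(?:, nat_src_xlated_ip: (?P<ip>[\d.]+))?")


def parse_trace(text):
    """Group lines under each 'matched filter' header and extract the packet's outcome."""
    packets, cur = [], None
    for line in text.splitlines():
        m = FILTER_RE.search(line)
        if m:
            cur = {"src": m["src"], "dst": m["dst"], "filter": m["filt"],
                   "session": None, "xlate_ip": None, "installed": False, "denied": False}
            packets.append(cur)
            continue
        if cur is None:
            continue
        if "no session found" in line:
            cur["session"] = "new"        # first path: policy and NAT lookups happen here
        elif "flow got session" in line:
            cur["session"] = "existing"   # fast path: matched an already installed session
        x = XLATE_RE.search(line)
        if x and x["flag"] == "True":
            cur["xlate_ip"] = x["ip"]
        if "flow_first_install_session" in line:
            cur["installed"] = True
        if "denied by policy" in line:
            cur["denied"] = True
    return packets


def diagnose(packets, pool_ip, out_filter="pf1", ret_filter="pf2"):
    """Turn per-packet results into the questions the reply asks: allowed, translated, answered."""
    notes = []
    out = [p for p in packets if p["filter"] == out_filter]
    ret = [p for p in packets if p["filter"] == ret_filter]
    if not out:
        return [f"no packet matched {out_filter}: the flow module never saw the traffic (check filter prefixes)"]
    for p in out:
        key = f"{p['src']}->{p['dst']}"
        if p["denied"]:
            notes.append(f"{key}: dropped by security policy")
        elif p["session"] == "existing":
            notes.append(f"{key}: existing session, nothing blocked")
        elif p["xlate_ip"] != pool_ip:
            notes.append(f"{key}: source translated to {p['xlate_ip']}, expected {pool_ip} (NAT rule did not match)")
        elif not p["installed"]:
            notes.append(f"{key}: translated to {pool_ip} but session not installed")
        else:
            notes.append(f"{key}: translated to {pool_ip}, session installed")
    if not ret:
        notes.append(f"no packet matched {ret_filter}: replies to {pool_ip} never reached the SRX (check upstream route/ARP for the pool address)")
    return notes


if __name__ == "__main__":
    for note in diagnose(parse_trace(TRACE), "1.2.3.5"):
        print(note)
```

On the constructed trace the outgoing packet is translated to the pool address and a session is installed, so the SRX is not blocking anything; the absence of any pf2 hit is what points at the return path (the upstream router never sending replies for 1.2.3.5 back to the SRX), which is the return routing issue the reply mentions. Run it against a real `show log FLOWTRACE` capture by replacing TRACE with the file contents.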
Original Message:
Sent: 02-03-2023 20:19
From: silverstr8p
Subject: SRX-240 all DMZ traffic exit specific IP
I'm setting up a DMZ where 192.168.10.0/24 in zone dmz should NAT and be seen to be coming from 1.2.3.5/27, but it's not working. If I use source NAT interface it works, but it just comes out as 1.2.3.2/27, the default WAN connection. Here's what I have:
set security nat proxy-arp interface ge-0/0/0.0 address 1.2.3.5/32
set security nat source pool dmz1 address 1.2.3.5/32
set security nat source rule-set dmz from zone dmz1
set security nat source rule-set dmz to zone untrust
set security nat source rule-set dmz rule match source-address 192.168.20.0/24
set security nat source rule-set dmz rule dmz match destination-address 0.0.0.0/0
set security nat source rule-set dmz rule dmz then source-nat pool dmz1
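An added example, not from silverstr8p's post or from Juniper: a Python check that reads a source-NAT-to-pool configuration written as set statements and compares it with the intent stated in the post (hosts in 192.168.10.0/24, zone dmz, leaving ge-0/0/0.0 as 1.2.3.5, which has to sit inside the interface's /27 for proxy-ARP to answer for it). The two configurations embedded in the script are constructed inputs: the first is the set of statements as they appear in the post, the second is the same design written so that every zone name, rule name and prefix agrees with the stated intent. The tokenizer only understands the handful of statement shapes involved; it is not a general Junos configuration parser.

```python
"""Consistency check for an SRX source-NAT-to-pool setup given as 'set'
statements.  Added example, not from the original thread.

Intent being checked (taken from the post): 192.168.10.0/24 in zone dmz
leaves ge-0/0/0.0 translated to 1.2.3.5, inside the interface's 1.2.3.2/27.
"""
import ipaddress

# Constructed input: the statements from the original post, one per line.
POSTED = """\
set security nat proxy-arp interface ge-0/0/0.0 address 1.2.3.5/32
set security nat source pool dmz1 address 1.2.3.5/32
set security nat source rule-set dmz from zone dmz1
set security nat source rule-set dmz to zone untrust
set security nat source rule-set dmz rule match source-address 192.168.20.0/24
set security nat source rule-set dmz rule dmz match destination-address 0.0.0.0/0
set security nat source rule-set dmz rule dmz then source-nat pool dmz1
"""

# Constructed input: the same design written to agree with the stated intent.
CONSISTENT = """\
set security nat proxy-arp interface ge-0/0/0.0 address 1.2.3.5/32
set security nat source pool dmz1 address 1.2.3.5/32
set security nat source rule-set dmz from zone dmz
set security nat source rule-set dmz to zone untrust
set security nat source rule-set dmz rule dmz match source-address 192.168.10.0/24
set security nat source rule-set dmz rule dmz match destination-address 0.0.0.0/0
set security nat source rule-set dmz rule dmz then source-nat pool dmz1
"""


def parse_nat_set_lines(text):
    """Collect proxy-arp entries, source pools and source rule-sets from 'set security nat' lines."""
    cfg = {"proxy_arp": {}, "pools": {}, "rule_sets": {}, "malformed": []}
    for line in text.splitlines():
        t = line.split()
        if t[:3] != ["set", "security", "nat"]:
            continue
        body = t[3:]
        if len(body) >= 5 and body[:2] == ["proxy-arp", "interface"] and body[3] == "address":
            cfg["proxy_arp"].setdefault(body[2], set()).add(body[4])
        elif len(body) >= 5 and body[:2] == ["source", "pool"] and body[3] == "address":
            cfg["pools"][body[2]] = body[4]
        elif len(body) >= 5 and body[:2] == ["source", "rule-set"]:
            rs = cfg["rule_sets"].setdefault(body[2], {"from": None, "to": None, "rules": {}})
            rest = body[3:]
            if rest[:2] == ["from", "zone"]:
                rs["from"] = rest[2]
            elif rest[:2] == ["to", "zone"]:
                rs["to"] = rest[2]
            elif rest[:1] == ["rule"]:
                name, clause = rest[1], rest[2:]
                if clause[:1] not in (["match"], ["then"]):
                    # the token after 'rule' must be the rule name, followed by match/then
                    cfg["malformed"].append(line)
                    continue
                rule = rs["rules"].setdefault(name, {"src": [], "dst": [], "pool": None})
                if clause[:2] == ["match", "source-address"]:
                    rule["src"].append(clause[2])
                elif clause[:2] == ["match", "destination-address"]:
                    rule["dst"].append(clause[2])
                elif clause[:3] == ["then", "source-nat", "pool"]:
                    rule["pool"] = clause[3]
    return cfg


def check(cfg, zone, inside_prefix, egress_ifl, egress_addr, pool_ip):
    """Return a list of findings; an empty list means the statements realise the intent."""
    findings = [f"malformed statement (rule name missing?): {l}" for l in cfg["malformed"]]
    egress_net = ipaddress.ip_interface(egress_addr).network
    if ipaddress.ip_address(pool_ip) not in egress_net:
        findings.append(f"pool address {pool_ip} is outside {egress_net}; proxy-arp cannot answer for it")
    if f"{pool_ip}/32" not in cfg["proxy_arp"].get(egress_ifl, set()):
        findings.append(f"no proxy-arp entry for {pool_ip} on {egress_ifl}")
    pools = [n for n, a in cfg["pools"].items() if a == f"{pool_ip}/32"]
    if not pools:
        findings.append(f"no source pool holds {pool_ip}")
    translated = False
    for rs_name, rs in cfg["rule_sets"].items():
        if rs["from"] != zone:
            findings.append(f"rule-set {rs_name} is from zone {rs['from']}, expected {zone}")
            continue
        for r_name, r in rs["rules"].items():
            if inside_prefix in r["src"] and r["pool"] in pools:
                translated = True
            else:
                findings.append(f"rule {rs_name}/{r_name} (source {r['src']}, pool {r['pool']}) does not map {inside_prefix} to {pool_ip}")
    if not translated:
        findings.append(f"no rule translates {inside_prefix} to {pool_ip}")
    return findings


def run():
    """Check both constructed configurations against the intent stated in the post."""
    intent = ("dmz", "192.168.10.0/24", "ge-0/0/0.0", "1.2.3.2/27", "1.2.3.5")
    return check(parse_nat_set_lines(POSTED), *intent), check(parse_nat_set_lines(CONSISTENT), *intent)


if __name__ == "__main__":
    posted, consistent = run()
    print("posted:", posted or "no findings")
    print("consistent:", consistent or "no findings")
```

Against the statements as posted the check reports the rule line without a rule name, the rule-set being from zone dmz1 rather than dmz, and consequently no rule mapping 192.168.10.0/24 to 1.2.3.5; against the consistent version it reports nothing. Whether those differences are typos in the post or in the device configuration is something only `show configuration security nat` on the box can settle.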