hello guys, following example from this link:
http://www.juniper.net/documentation/en_US/junos12.2/topics/example/nat-security-static-single-address-translation-configuring.html
it has this config:
set security nat static rule-set rs1 from zone untrust
set security nat static rule-set rs1 rule r1 match destination-address 1.1.1.200/32
set security nat static rule-set rs1 rule r1 then static-nat prefix 192.168.1.200/32
set security nat proxy-arp interface ge-0/0/0.0 address 1.1.1.200/32
set security address-book global address server-1 192.168.1.200/32
set security policies from-zone trust to-zone untrust policy permit-all match source-address server-1
set security policies from-zone trust to-zone untrust policy permit-all match destination-address any
set security policies from-zone trust to-zone untrust policy permit-all match application any
set security policies from-zone trust to-zone untrust policy permit-all then permit
set security policies from-zone untrust to-zone trust policy server-access match source-address any
set security policies from-zone untrust to-zone trust policy server-access match destination-address server-1
set security policies from-zone untrust to-zone trust policy server-access match application any
set security policies from-zone untrust to-zone trust policy server-access then permit
but it also shows this one:
set rule-set rs1 from zone untrust
set rule-set rs1 rule r1 match destination-address 1.1.1.200/32
set rule-set rs1 rule r1 then static-nat prefix 192.168.1.200/32
set proxy-arp interface ge-0/0/0.0 address 1.1.1.200
set address server-1 192.168.1.200/32
set policy server-access match source-address any destination-address server-1 application any
set policy server-access then permit
set policy permit-all match source-address server-1 destination-address any application any
set policy permit-all then permit
So what's the difference between the two?
Which one should be used on the production?
Thank you.