Security

  • 1.  this configuration is not available in central policy mode

    Posted 08-08-2011 09:18

    Hello all,

    I have NSM with version 2010.4

    I have an SRX650 with version 10.4r3.4

    I received this error when I try to check the configuration under security-nat-(source, static, destination)

    I want to know how I can fix this error.

     

    Thanks

     

    Edgart

     

     



  • 2.  RE: this configuration is not available in central policy mode

    Posted 08-10-2011 08:50

    It looks like you are using Central policy mode. Hence you cannot create an in-device NAT policy. You need to add your NAT rules in your central policy. Select your firewall policy in NSM and use the plus button in the upper right window corner right below the Juniper logo. Pressing that plus button will reveal options to add a NAT policy to your firewall policy. Use that. The rest will be self-explanatory.

     

    Sascha



  • 3.  RE: this configuration is not available in central policy mode
    Best Answer

    Posted 08-12-2011 09:11

    Cool!

     

    Thanks



  • 4.  RE: this configuration is not available in central policy mode

    Posted 02-07-2012 03:25

    Hello,

    I'm using NSM version 2011.4
    SRX650 Virtual Chassis, OS version 11.4, Central Policy Mode.

    When I click the plus sign, then I see the options:

    Add global Firewall Rulebase
    Add Multicast Rulebase
    Add IDP Rulebase
    Add Application Rulebase
    Add Backdoor Rulebase
    Add SYN Protected Rulebase
    Add Traffic Anomalies Rulebase
    Add Network Honeypot Rulebase

    Where can I find "NAT policy"?

     



  • 5.  RE: this configuration is not available in central policy mode

    Posted 02-07-2012 05:58
    It should be there, you used the right button.

    Can you check if you already had a NAT configuration in your SRX when you first imported it? Because this will be tucked away inside the device config and not the policy, and I wouldn't be surprised if for that reason NSM hides the NAT policy option (which I'd consider a bug).


  • 6.  RE: this configuration is not available in central policy mode

    Posted 02-07-2012 07:10

    Yes, I had configured NAT before import. I'll try to remove the device from NSM and then reimport without NAT.



  • 7.  RE: this configuration is not available in central policy mode

    Posted 02-07-2012 23:35

    I was previously in the "Domain Admin" role, and I got the problem solved when my partner added my NSM account to the "System Administrator" (full permissions) role.
    I have to mention that without the "System Administrator" role I got strange errors when I manipulated NAT objects.