Is NATbetween zones necessary on SRX

CNIDog · ‎02-04-2008

Do NAT rules need to be configured on an SRX firewall in order to pass traffic between different security zones? Or, by default, will the SRX function like a ScreenOS firewall with all of its interface in "Route" mode.

Regards,

DAK

SSHSSH · ‎11-21-2009

no, Nat rules are not needed to pass traffic

Security policies are needed

CNIDog · ‎02-04-2008

Thank you. That is what I thought and what my testing seems to indicate. But I am looking for an answer to some strange connectivity issues with an SRX cluster.

Regards,

DAK

Screenie · ‎01-10-2008

Hi.

to investigate connectivity issues traceing on security flow is big help.

set security flow traceoptions file my_logfile

set security flow traceoptions flags basic-datapath

set security flow traceoptions packet-filter my_filter Some filter condition

commit

Run traffic

Look at he results with (run) show log ny_logfile

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

Is NATbetween zones necessary on SRX

Re: Is NATbetween zones necessary on SRX

Re: Is NATbetween zones necessary on SRX

Re: Is NATbetween zones necessary on SRX