SRX Services Gateway
Contributor
CNIDog
Posts: 164
Registered: ‎02-04-2008
0

Is NAT between zones necessary on SRX

Do NAT rules need to be configured on an SRX firewall in order to pass traffic between different security zones? Or, by default, will the SRX function like a ScreenOS firewall with all of its interfaces in "Route" mode?

 

Regards,

DAK
Trusted Expert
SSHSSH
Posts: 601
Registered: ‎11-21-2009
0

Re: Is NAT between zones necessary on SRX

 

No, NAT rules are not needed to pass traffic.

Security policies are needed.

Contributor
CNIDog
Posts: 164
Registered: ‎02-04-2008
0

Re: Is NAT between zones necessary on SRX

Thank you.  That is what I thought and what my testing seems to indicate.  But I am looking for an answer to some strange connectivity issues with an SRX cluster.

 

Regards,

DAK
Distinguished Expert
Screenie
Posts: 1,086
Registered: ‎01-10-2008
0

Re: Is NAT between zones necessary on SRX

Hi.

 

To investigate connectivity issues, tracing on security flow is a big help.

set security flow traceoptions file my_logfile
set security flow traceoptions flag basic-datapath
set security flow traceoptions packet-filter my_filter <some filter condition>
commit

Run traffic.

Look at the results with (run) show log my_logfile

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
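
A fuller version of the tracing procedure described above, as an added example that is not part of the original posts. The addresses, port, zone names (trust, dmz), filter names and trace file name are constructed placeholders; substitute the flow you are chasing.

```junos
# Constructed scenario: host 10.1.1.10 (zone trust) cannot reach
# 10.2.2.20 on TCP/443 (zone dmz). All values below are placeholders.

# --- configuration mode ---
# Bound the trace file so tracing cannot fill local storage.
set security flow traceoptions file flow-trace size 1m files 3
set security flow traceoptions flag basic-datapath

# Conditions inside one packet-filter are ANDed; separate packet-filters
# are ORed. One filter per direction captures the reply path as well.
set security flow traceoptions packet-filter fwd source-prefix 10.1.1.10/32 destination-prefix 10.2.2.20/32 protocol tcp destination-port 443
set security flow traceoptions packet-filter rev source-prefix 10.2.2.20/32 destination-prefix 10.1.1.10/32 protocol tcp source-port 443
commit

# Reproduce the failing connection, then read the trace.
run show log flow-trace

# Check whether a session was created for the flow.
run show security flow session source-prefix 10.1.1.10 destination-prefix 10.2.2.20

# Confirm that a security policy exists for the zone pair
# (policies, not NAT rules, are what permit inter-zone traffic).
run show security policies from-zone trust to-zone dmz

# Remove tracing once finished; basic-datapath tracing adds load.
delete security flow traceoptions
commit
run clear log flow-trace
```

Without a packet-filter, basic-datapath traces every flow, so keep the filters as narrow as the problem allows.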