Hi, I am using an SRX3400 chassis cluster and I have configured reth0 to be in the untrust zone. I want to perform pool-based source NAT for many subnets on the inside network. I am wondering about Proxy ARP: the subnet of the pool I am using is different from the subnet of reth0. Do I still have to configure Proxy ARP? Please find my configuration below:
set security nat source pool Internet-Pool address 109.223.35.248/29
set security nat source rule-set PAT1 from zone trust
set security nat source rule-set PAT1 to zone untrust
set security nat source rule-set PAT1 rule 1 match source-address [10.122.0.0/17 10.101.0.0/17 10.112.0.0/15 10.100.0.0/16 10.110.0.0/16 10.18.0.0/15 10.20.0.0/15 172.0.0.0/8]
set security nat source rule-set PAT1 rule 1 match destination-address 0.0.0.0/0
set security nat source rule-set PAT1 rule 1 then source-nat pool Internet-Pool
set security nat source address-persistent
set security nat proxy-arp interface reth0 address 109.223.35.249 to 109.223.249.54
Is this configuration correct? By the way, is there any way to group the addresses between [ ] so they look nicely formatted?
Thank you for helping me.