Message Image

Skip main navigation (Press Enter).

SRX

last person joined: 20 hours ago

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Back to discussions

Expand all | Collapse all

Junos Security First path

Jump to Best Answer

Erdem01-14-2012 03:13

according to : http://www.juniper.net/techpubs/software/junos-es/junos-es93/junos-es-swconfig-security/first-packet-path-processing.html ...

p.k01-14-2012 04:56Best Answer

Hi In "show security flow session", you will see all addresses (pre- and post- translated): ...

Erdem01-15-2012 01:40

1. Junos Security First path

0 Recommend
Erdem
Posted 01-14-2012 03:13

Reply Reply Privately
according to :
http://www.juniper.net/techpubs/software/junos-es/junos-es93/junos-es-swconfig-security/first-packet-path-processing.html

i see that the session creation comes after the DNAT / SNAT processing , does it mean the that the session entry would contain the Public IP of the source ( if SNATed ) and the private IP of the destination ( if DNATed ) ?
2. RE: Junos Security First path
Best Answer

0 Recommend
p.k
Posted 01-14-2012 04:56

Reply Reply Privately
Hi

In "show security flow session", you will see all addresses (pre- and post- translated):

In: sip/sport pre-tr -> dip/dport pre-tr
Out: dip/dport post-tr -> sip/sport post-tr

Here, sip=source ip, etc. Also a mnemonyc rule:

“\” don’t match => S-NAT is done
“/” don’t match => D-NAT is done
3. RE: Junos Security First path

0 Recommend
Erdem
Posted 01-15-2012 01:40

Reply Reply Privately
Thanks ! 🙂

Powered by Higher Logic