Please assist or point me in the right direction. I'm having trouble understanding how to migrate my current NAT rules to Junos, and my lack of full understanding of all the NAT types isn't helping. Learning as I go.
Following is my config off the SonicWall (single website example). I'm not sure how to translate that into source/dest/static NAT on Juniper. I have all the address objects, security zones and interfaces created.

WAN Inbound Translations

| Purpose | IP Source (Original) | IP Source (Translated) | IP Destination (Original) | IP Destination (Translated) | Service/Port (Original) | Service/Port (Translated) | Interface (Inbound) | Interface (Outbound) |
|---|---|---|---|---|---|---|---|---|
| domain.com on DMZ2-Web1 | 192.168.x.xx-domain.com | 1.1.1.1-domain.com | Any | Original | Any | Original | Any | WAN |
| domain.com on DMZ2-Web1 | Any | Original | 1.1.1.1-domain.com | 192.168.x.xx-domain.com | HTTP-HTTPS | Original | WAN | Any |
| domain.com on DMZ2-Web1 | All_C1DMZ_Subnets | WAN Primary IP | 1.1.1.1-domain.com | 192.168.x.xx-domain.com | HTTP-HTTPS | Original | Any | Any |
| Monitoring | Any | Original | 1.1.1.1-domain.com | 192.168.x.xx-domain.com | junos-icmp-ping | Original | WAN | Any |

In the SonicWall config, "WAN Primary IP" was an auto-created address object that linked to the single firewall's external IP address. Now we are going to have multi-homed BGP with a block of IPs from ARIN. I assume the IP I map these NAT rules to needs to be a part of the IP block that fails over between ISPs? (active/passive BGP and SRX cluster setup)
Thank you