SRX Services Gateway
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
Lim
Contributor
Lim
Posts: 25
Registered: ‎10-06-2008
0
Accepted Solution

SRX firewall nat or route interface.

Options

‎10-06-2009 03:07 AM

Hi all,

 

In SRX series, do we have some thing like ScreenOS as below ?

 

set interface ethernet0/0 route

set interface ethernet0/1 nat

 

Or in SRX each every interface mode i cant change it ?

 

thank you

Message 1 of 4 (4,216 Views)
 
Reply
Distinguished Expert
Distinguished Expert
Screenie
Posts: 942
Registered: ‎01-10-2008
0

Re: SRX firewall nat or route interface.

Options

‎10-06-2009 04:10 AM

Hi Lim,

 

The SRX does not support interface natting. All natting has to be doen in the NAT policy. To simulate the same natting you can use this policy:

 

security {
    nat {
        source {
            rule-set outbound-source-nat {
                from zone trust;
                to zone untrust;
                rule default {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }

 

To enter this in your config:

 

set security nat source rule-set outbound-source-nat from zone trust
set security nat source rule-set outbound-source-nat to zone untrust
set security nat source rule-set outbound-source-nat rule default match source-address 0.0.0.0/0
set security nat source rule-set outbound-source-nat rule default then source-nat interface

And a commit of course.

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Message 2 of 4 (4,212 Views)
 
Reply
Lim
Contributor
Lim
Posts: 25
Registered: ‎10-06-2008
0

Re: SRX firewall nat or route interface.

Options

‎10-06-2009 10:54 AM

hi,

 

thanks for the help. In SRX, if the interface i wan to be in "route mode", i just need not do any nat policy so the interface will be in route mode ?

 

Thank you

Meng Kiat

Message 3 of 4 (4,202 Views)
 
Reply
Distinguished Expert
Distinguished Expert
Screenie
Posts: 942
Registered: ‎01-10-2008

Re: SRX firewall nat or route interface.

Options

‎10-06-2009 01:37 PM

Hi,

 

in SRX there's no such thing as route mode or nat mode. If you like think of all interfaces as in route mode. On ScreenOS when trust interface is in NAT mode all traffic from trust zone to untrust is natted on Egress (untrust) interface with PAT. The nat policy I showed gives the same behaviour.

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Message 4 of 4 (4,194 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.