Hmm. Maybe I'm not completely understanding, because what I've tried isn't working:
root@tdsfw01> show configuration security zones security-zone trust
# Contents of security-zone "trust": one address-book entry, the host-inbound
# settings, and the three VLAN interfaces bound to the zone.
address-book {
# Host entry; the untrust-to-trust policy uses this name as its destination-address.
address mercury 192.168.168.202/32;
}
# NOTE(review): "all" under both system-services and protocols accepts every
# service and protocol addressed to the firewall itself on this zone's
# interfaces. Listing only the services actually needed keeps the device's
# management surface smaller. This setting does not affect transit traffic
# such as the forwarded SSH session being debugged here.
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.0;
vlan.100;
vlan.69;
}
root@tdsfw01> show configuration security nat destination
# Destination NAT pool: the translated target is 192.168.168.202, port 22.
# NOTE(review): this command's output shows only the pool. A pool has no
# effect until a destination NAT rule-set matches the incoming address/port
# and references it. No rule-set is visible here; confirm one exists.
pool mercury {
address 192.168.168.202/32 port 22;
}
root@tdsfw01> show configuration security policies from-zone untrust to-zone trust
# Permits traffic from any source in untrust to the address-book entry
# "mercury" for the custom application ssh-2468, logging at session creation
# and keeping per-policy counters.
policy untrust-to-trust {
match {
source-address any;
# Matches the translated (internal) address, 192.168.168.202/32.
destination-address mercury;
# NOTE(review): on SRX, destination NAT is applied before the security policy
# lookup, so the policy is evaluated against the post-NAT destination port.
# The detail output shows ssh-2468 as destination port 2468, while the NAT pool
# translates to port 22. Confirm the application matches the translated port;
# as written the rule may never match the forwarded session.
application ssh-2468;
}
then {
permit;
log {
# Logs when the session is created ("Session log: at-create" in the detail output).
session-init;
}
# Enables the policy statistics shown by "show security policies ... detail".
count;
}
}
Then, after testing from an external host, the policy counters show no activity:
root@tdsfw01> show security policies from-zone untrust to-zone trust detail
Policy: untrust-to-trust, action-type: permit, State: enabled, Index: 6, Scope Policy: 0
Policy Type: Configured
Sequence number: 1
From zone: untrust, To zone: trust
Source addresses:
any-ipv4: 0.0.0.0/0
any-ipv6: ::/0
Destination addresses:
mercury: 192.168.168.202/32
Application: ssh-2468
IP protocol: tcp, ALG: 0, Inactivity timeout: 1800
Source port range: [0-0]
Destination port range: [2468-2468]
Session log: at-create
Policy statistics:
Input bytes : 0 0 bps
Output bytes : 0 0 bps
Input packets : 0 0 pps
Output packets : 0 0 pps
Session rate : 0 0 sps
Active sessions : 0
Session deletions: 0
Policy lookups : 0
Thanks,
Ken