I have a cabinet full of servers that were using the DMZ zone so that all servers could have public IPs. We now need to set up private VMs on private IPs that map to a public IP inside this same DMZ zone. We discovered that we could do this by setting up each public IP that needed to be routed this way by setting it up as a DIP in the DMZ zone. See:
http://forums.juniper.net/t5/ScreenOS-Firewalls-NOT-SRX/Can-the-SSG140-do-DMZ-and-NAT-PAT-on-the-same-interface/m-p/208003
This question probably doesn't need to be asked, but because I'm planning a big project based on this ability, I need to be sure I'm not going to run into an unforeseen limitation. Over the course of the next couple of years, I could see adding a few dozen of these DIPs (Type = Port-Xlate), each for a single IP. Just so there's no confusion, here's a screenshot of what I'm looking to add a lot more of:
Is there a limit on the number of them that can be added to an interface?