SRX Services Gateway
Highlighted
SRX Services Gateway

Access WEB SERVER behind SRX300 from from INTERNET

‎09-19-2019 08:38 PM

How to access WEB Server (192.168.20.2) in Server zone  from Internet.

my Public IP is x.x.x.x

What i need to configure in SRX?

my diagram:

Capture3.PNG

appreciate!

9 REPLIES 9
Highlighted
SRX Services Gateway

Re: Access WEB SERVER behind SRX300 from from INTERNET

‎09-19-2019 08:48 PM

You may configure destination nat or static nat to access the server from Internet. Please refer the KB, page no.8 for destination nat and page no.13 for static nat. 

https://kb.juniper.net/library/CUSTOMERSERVICE/technotes/Junos_NAT_Examples.pdf

 

 

Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Highlighted
SRX Services Gateway

Re: Access WEB SERVER behind SRX300 from from INTERNET

‎09-20-2019 12:08 AM

@

Highlighted
SRX Services Gateway

Re: Access WEB SERVER behind SRX300 from from INTERNET

‎09-20-2019 12:13 AM

That depends. If you have public IP configured/available only in router, you have to configure NAT on router.

 

 

 

Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Highlighted
SRX Services Gateway

Re: Access WEB SERVER behind SRX300 from from INTERNET

‎09-20-2019 12:20 AM

Highlighted
SRX Services Gateway

Re: Access WEB SERVER behind SRX300 from from INTERNET

‎09-20-2019 01:36 AM

If you have free public IP and if you can do route change in Router, NAT can be configured for that IP in Firewall. If you dont have any control on Router configuration, I think it will be difficult to achieve what you want.

 

 

Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Highlighted
SRX Services Gateway

Re: Access WEB SERVER behind SRX300 from from INTERNET

‎09-20-2019 01:44 AM

@ in case, in can configure route on Router so what i need to do?

Highlighted
SRX Services Gateway

Re: Access WEB SERVER behind SRX300 from from INTERNET

‎09-20-2019 01:48 AM

Add /32 route for the free public ip towards SRX and then configure NAT as per the KB given earlier. 

 

 

Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Highlighted
SRX Services Gateway

Re: Access WEB SERVER behind SRX300 from from INTERNET

‎09-20-2019 02:03 AM

@ thank you. i will try it.

Highlighted
SRX Services Gateway

Re: Access WEB SERVER behind SRX300 from from INTERNET

‎09-30-2019 12:01 PM

for destination NAT, you also will have to use proxy-arp on outside interface ( for the SRX to respond to requests coming in for the servers in the inside zone) .. https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-nat-destination.html