SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  How to check what exactly fails on static NAT?

    Posted 05-19-2016 01:33

    Hi all,

     

    Can someone show the command that can be used to check which sessions failed, as per the log below?

     

    {primary:node0}
    router> show security nat static rule all
    node0:
    --------------------------------------------------------------------------
    Total static-nat rules: 1
    Total referenced IPv4/IPv6 ip-prefixes: 2/0

    Static NAT rule: HOST Rule-set: RS
    Rule-Id : 1
    Rule position : 1
    From zone : INTERNET
    Destination addresses : x.x.x.x
    Host addresses : x.x.x.x
    Netmask : 32
    Host routing-instance : N/A
    Translation hits : 700
    Successful sessions : 400
    Failed sessions : 61 -------------------------> how to check this
    Number of sessions : 23

     

     

    Thanks, and I would appreciate someone's feedback.



  • 2.  RE: How to check what exactly fails on static NAT?

     
    Posted 05-19-2016 18:40

    Hello,

     

    A failed session in a NAT rule is when the traffic hits the static NAT rule and then fails in policy lookup or route lookup. There is no specialized command to view failed sessions. Only if it is getting dropped by policy can we view it in the policy logging output file. For that you need to enable policy logging.

    Other than this, we cannot view them in the firewall.
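
Once policy logging is enabled as the reply suggests, the denies aimed at the static NAT host can be pulled out of the log file and grouped. The script below is an added example, not part of the original thread or of Juniper's tooling; it covers only policy denies, not route lookup failures. It assumes the unstructured `RT_FLOW_SESSION_DENY` syslog layout shown in the constructed sample lines (IPv4 only), and the addresses, zone names and policy name are made up for illustration.

```python
import re
from collections import Counter

# Assumed layout of an unstructured RT_FLOW_SESSION_DENY line; adjust to your Junos release.
DENY_RE = re.compile(
    r"RT_FLOW_SESSION_DENY: session denied "
    r"(?P<src>[\d.]+)/(?P<sport>\d+)->(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"(?P<service>\S+) (?P<proto>\d+)\(\d+\) "
    r"(?P<policy>\S+) (?P<from_zone>\S+) (?P<to_zone>\S+)"
)

def denied_for_nat_host(lines, nat_addresses, from_zone):
    """Count policy denies whose destination is one of the static NAT
    addresses (public or host side) and that arrived from from_zone."""
    hits = Counter()
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue  # session create/close records and unrelated syslog lines
        if m["dst"] in nat_addresses and m["from_zone"] == from_zone:
            key = (m["src"], m["dst"], int(m["dport"]), m["proto"], m["policy"])
            hits[key] += 1
    return hits

# Constructed sample log lines (documentation/private address ranges, hypothetical names).
TAIL = "UNKNOWN UNKNOWN N/A(N/A) reth0.0 UNKNOWN policy deny"
SAMPLE_LOG = [
    f"May 19 18:01:02 router RT_FLOW: RT_FLOW_SESSION_DENY: session denied 203.0.113.7/40111->10.1.1.10/23 junos-telnet 6(0) deny-all INTERNET TRUST {TAIL}",
    f"May 19 18:01:05 router RT_FLOW: RT_FLOW_SESSION_DENY: session denied 203.0.113.7/40112->10.1.1.10/23 junos-telnet 6(0) deny-all INTERNET TRUST {TAIL}",
    f"May 19 18:02:10 router RT_FLOW: RT_FLOW_SESSION_DENY: session denied 198.51.100.9/5353->10.1.1.10/3389 None 6(0) deny-all INTERNET TRUST {TAIL}",
    "May 19 18:02:11 router RT_FLOW: RT_FLOW_SESSION_CREATE: session created 203.0.113.7/40200->192.0.2.10/443 junos-https",
    f"May 19 18:03:00 router RT_FLOW: RT_FLOW_SESSION_DENY: session denied 10.2.2.5/1111->10.1.1.10/23 junos-telnet 6(0) deny-all DMZ TRUST {TAIL}",
    f"May 19 18:03:30 router RT_FLOW: RT_FLOW_SESSION_DENY: session denied 203.0.113.7/40300->10.1.1.99/22 junos-ssh 6(0) deny-all INTERNET TRUST {TAIL}",
]

if __name__ == "__main__":
    # Pass both sides of the static NAT mapping so either form in the log matches.
    result = denied_for_nat_host(SAMPLE_LOG, {"192.0.2.10", "10.1.1.10"}, "INTERNET")
    for (src, dst, dport, proto, policy), count in result.most_common():
        print(f"{count:3d}  {src} -> {dst}:{dport} proto {proto} policy {policy}")
```
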