SRX Services Gateway
SRX Services Gateway

Is NATbetween zones necessary on SRX

06.01.10   |  
‎06-01-2010 08:29 AM

Do NAT rules need to be configured on an SRX firewall in order to pass traffic between different security zones?  Or, by default, will the SRX function like a ScreenOS firewall with all of its interface in "Route" mode.

 

Regards,

DAK
3 REPLIES
SRX Services Gateway

Re: Is NATbetween zones necessary on SRX

06.01.10   |  
‎06-01-2010 09:50 AM

 

no, Nat rules are not needed to pass traffic

 

Security policies are needed

Highlighted
SRX Services Gateway

Re: Is NATbetween zones necessary on SRX

06.01.10   |  
‎06-01-2010 07:03 PM

Thank you.  That is what I thought and what my testing seems to indicate.  But I am looking for an answer to some strange connectivity issues with an SRX cluster.

 

Regards,

DAK
SRX Services Gateway

Re: Is NATbetween zones necessary on SRX

06.05.10   |  
‎06-05-2010 03:20 PM

Hi.

 

to investigate connectivity issues traceing on security flow is big help.

 

set security flow traceoptions file my_logfile

set security flow traceoptions flags basic-datapath

set security flow traceoptions packet-filter my_filter  Some filter condition

commit

 

Run traffic

 

Look at he results with (run) show log ny_logfile

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.