SRX Services Gateway
SRX Services Gateway

NAT ratio on SRX

‎05-25-2014 11:46 PM

Hi all,

> We are currently facing an issue with the NAT, i.e our DNS server set the hitcount (max) is 325 meaning that within 01 second if there is more than 325 request coming from 01 public IP, it will reject. Therefore we have to limit the NAT ratio in FW, i.e to limit the number of private IP to be NAT to same public IP.
>
> My question is that, how does Junos control the value of NAT ratio, i.e private/same public IP? By:
> 1) set the port range as below example
> 2) or by another method?

 

> set security nat source pool NAT_IAC_1 address 27.67.0.0/20
> set security nat source pool NAT_IAC_1 address 27.67.32.0/21
> set security nat source pool NAT_IAC_1 port range 1024
> set security nat source pool NAT_IAC_1 port range to 1348
> set security nat source pool NAT_IAC_2 address 27.67.16.0/20
> set security nat source pool NAT_IAC_2 address 27.67.40.0/21
> set security nat source pool NAT_IAC_2 port range 1024
> set security nat source pool NAT_IAC_2 port range to 1348

 

Thanks.

BR/ Claire