SRX Services Gateway
Highlighted
SRX Services Gateway

Port Forward SRX550

[ Edited ]
‎06-05-2018 01:53 AM

pf.png

I just want taweb to accessible in public (https://122.2.32.4:4811).

I tried this config but didn't work. please help.

set security zones security-zone LAN1 address-book address taweb 10.10.10.10/32

set applications application junos-https protocol tcp

set applications application junos-https destination-port 4811
set security nat destination pool dnat-taweb address 10.10.10.10/32

set security nat destination pool dnat-taweb address port 4811

set security nat destination rule-set dst-nat from zone WAN

set security nat destination rule-set dst-nat rule rule2 match destination-address 122.2.32.4/32

set security nat destination rule-set dst-nat rule rule2 match destination-port 4811

set security nat destination rule-set dst-nat rule rule2 then destination-nat pool dnat-taweb

set security policies from-zone WAN to-zone LAN1 policy WAN-to-LAN1 match source-address any

set security policies from-zone WAN to-zone LAN1 policy WAN-to-LAN1 match destination-address taweb

set security policies from-zone WAN to-zone LAN1 policy WAN-to-LAN1 match application junos-https

set security policies from-zone WAN to-zone LAN1 policy WAN-to-LAN1 then permit

3 REPLIES 3
Highlighted
SRX Services Gateway

Re: Port Forward SRX550

‎06-05-2018 03:02 AM

Do you have proxy arp setup for ge-0/0/0

 

set interface ge-0/0/0 unit 0 proxy-arp 122.2.32.4/32

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Highlighted
SRX Services Gateway

Re: Port Forward SRX550

‎06-05-2018 07:04 AM

To troubleshoot please initiate a session and check translation hits counter

show security nat destination rule rule2

and session information

show security flow session destination-port 4811

btw. redefining default applications is not a best practice. You should use different name than junos-https

 

Regards, Wojtek

Highlighted
SRX Services Gateway

Re: Port Forward SRX550

‎06-05-2018 07:37 PM

Thanks alot folks.

Now working.

Feedback