SRX Services Gateway

Problem with traffic from trusted to dmz (public ip, not nat-ed ip)

10-16-2013 04:12 AM

I have a problem: when I try to access a server which is in the DMZ network on my firewall, the traffic does not come through, but when going against the NAT'd address it works just fine.


This works: (trusted) -> (DMZ)


This does not: (trusted) -> (DMZ)


I have a SRX650 cluster running version 11.4R9.4


What could be the problem?


Re: Problem with traffic from trusted to dmz (public ip, not nat-ed ip)

10-16-2013 03:47 PM

Try this:

Local traffic is not evaluated for NAT. Do you have a layer 2 device in the mix? If a switch is in the mix, then a source NAT rule for the local host to create a reverse NAT from the destination host would be the solution.
Add a NAT rule-set so that local traffic is evaluated for NAT:

[edit security nat destination]
user@srx650# show
pool dmz-Server {
    /* the DMZ server's real (private) address; not shown in the original post */
    address <dmz-server-ip>/32;
}
rule-set To-dmz-Server {
    from zone trust;
    rule to-dmz-Server1 {
        match {
            /* the public address the trust hosts are connecting to; required for commit */
            destination-address <public-ip>/32;
            /* optional: omit destination-port to translate all ports */
            destination-port <##>;
        }
        then {
            destination-nat pool dmz-Server;
        }
    }
}

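As an added worked example (not configuration from the original thread), here is the complete set-command form of what the answer describes: the existing destination NAT rule-set for Internet clients, the additional rule-set for traffic entering from zone trust, and the security policy the translated flow needs. All addresses, zone, rule and policy names are assumptions: 203.0.113.10 is the public address reachable from untrust, 192.168.10.10 is the DMZ server's real address in zone dmz, and TCP/443 is the published service.

```junos
## Added example, not from the original post. Assumed values (RFC 5737 / RFC 1918
## documentation ranges): public address 203.0.113.10 on zone untrust, DMZ server
## 192.168.10.10 in zone dmz, published service TCP/443. Zone, rule and policy names
## are assumptions as well.

## Pool holding the DMZ server's real address; one pool serves both rule-sets
set security nat destination pool dmz-Server address 192.168.10.10/32

## Rule-set that usually exists already: Internet clients hitting the public IP
set security nat destination rule-set From-Internet from zone untrust
set security nat destination rule-set From-Internet rule from-internet-443 match destination-address 203.0.113.10/32
set security nat destination rule-set From-Internet rule from-internet-443 match destination-port 443
set security nat destination rule-set From-Internet rule from-internet-443 then destination-nat pool dmz-Server

## The missing piece: the same translation for packets entering from zone trust.
## A rule-set with "from zone untrust" never matches a trust-sourced packet, so
## without this one a trust host's packet to 203.0.113.10 is left untranslated and
## routed toward untrust instead of the DMZ server.
set security nat destination rule-set To-dmz-Server from zone trust
set security nat destination rule-set To-dmz-Server rule to-dmz-Server1 match destination-address 203.0.113.10/32
set security nat destination rule-set To-dmz-Server rule to-dmz-Server1 match destination-port 443
set security nat destination rule-set To-dmz-Server rule to-dmz-Server1 then destination-nat pool dmz-Server

## Destination NAT is applied before the route and policy lookups, so the session
## is evaluated as trust -> dmz against the real server address, not the public one.
set security zones security-zone dmz address-book address dmz-Server-host 192.168.10.10/32
set security policies from-zone trust to-zone dmz policy trust-to-dmz-server match source-address any
set security policies from-zone trust to-zone dmz policy trust-to-dmz-server match destination-address dmz-Server-host
set security policies from-zone trust to-zone dmz policy trust-to-dmz-server match application junos-https
set security policies from-zone trust to-zone dmz policy trust-to-dmz-server then permit
```

After `commit`, open a connection from a trust host to 203.0.113.10:443 and run `show security flow session source-prefix <trust-host>`: the In wing of the session should show 203.0.113.10 as the destination and the Out wing should show 192.168.10.10, which confirms the trust-side rule-set is matching. If the policy is missing or still written against the public address, the session is dropped at policy lookup and `show security nat destination rule all` will still count a hit on the new rule. Junos also accepts several zones in one rule-set (`from zone [ trust untrust ]`), so the two rule-sets above can be merged into one if the rules are identical, but keeping them separate makes the trust-side hit counters easier to read.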