This may be very simple question for you people bt i am not able to think why this is happening so asking your help or insight on the same .
I have an ip on trusted interface on srx and i have nated or to be precise i have done source NAT for this subnet to reach internet and the devices connected under this subnet are able to reach to internet but my question is will i be able to ping to ips like of google dns or any other ip on the internet from the trusted firewall interface ip configured on the firewall interface if yes how and if not why
It depends on if the interface IP address is included in your source NAT statement and if you have a policy to permit the traffic. If so, you should be able to. If you were to just do "ping 220.127.116.11", it should use the public interface though.
Yes , i do have the interface ip included in the subnet bt still interface ip not able to reach the internet and i have the rule already as the devices which are the subnet are able to reacg internet .
As updated earlier my query has been answered and i tested and it works fine but my doubt is i dont have a rule for junos host from trust to untrust but the rule i have configured earlier is for remote access to junos host from untrust so that i can access junos remotely so how come only nating made trust interface ip on the junos reach the internet .
By default access outbound from junos-host is always permitted so no configuration as needed to allow outbound ping from the SRX.
For inbound connections to the SRX permissions are granted based on the zone configuration under host inbound traffic. If the service or protocol is permitted by the zone setting then it allows all inbound to the SRX by default.
You only need to configure security policy with the junos-host zone if you want to override these settings to either restict outbound traffic from the default allow all. Or restrict inbound traffic by ip address instead of just protocol or service.
Steve Puluka BSEET - Juniper Ambassador IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP) http://puluka.com/home