SRX Services Gateway
SRX Services Gateway

SRX100 - Problem for modifiy a static NAT

[ Edited ]
08.11.17   |  
‎08-11-2017 01:28 PM

Hi everyone !


One of my client have a srx100 Juniper and i meet a problem for replace a static NAT.


To the juniper, a technician have create a static NAT 2 years ago (in the menu NAT → Static NAT) . The technician have NAT a WAN public address to a LAN private address.


The technician have create this static NAT : WAN address: → LAN address (SRV-02).


This static NAT permit to ping and to have access to the




Today, i would like to replace this static NAT by this :


WAN address: → LAN address (SRV-02).


But when i try to modify this static NAT, my Wan PC wont to ping and have access to the




I have copy and apply the sames policy of the SRV-01 for the new SRV-02.


Thank you for your help.


i'm sorry for the size pictures, i have attached a .PDF of the 2 pictures if you want Smiley Happy .




SRX Services Gateway

Re: SRX100 - Problem for modifiy a static NAT

08.12.17   |  
‎08-12-2017 06:22 AM

In addition to the change of the Static NAT policy, you must also update the sercurity policy that permits the traffic.


NAT is under 

security > NAT > Static


Security will be organized by zone


security > policies > from-zone untrust to-zone trust (or your internal zone name post nat)


see the full example on page 13 here

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
SRX Services Gateway

Re: SRX100 - Problem for modifiy a static NAT

08.13.17   |  
‎08-13-2017 09:30 AM

Hi Steve Puluka,


Thank you for your answer.


I have checked :

- Policies from-zone untrust to-zone trust → All is openned

- Policies from-zone trust to-zone untrust → All is openned 

-The best practices of the static NAT configuration (page 13) → All it's OK


Someone have an other proposition ?


Thank you.

SRX Services Gateway

Re: SRX100 - Problem for modifiy a static NAT

08.13.17   |  
‎08-13-2017 07:44 PM

Access the cli and from the cli, enter this command and then use the temporary commit, to verify that it works then commit a second time before expiration on temp window to apply it permanently

user@srx100# replace pattern with

commit confirmed 8

Test if all works, then if satisfied, enter commit within 8 minutes.

[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]
SRX Services Gateway
Accepted by topic author jostir
‎08-13-2017 11:36 PM

Re: SRX100 - Problem for modifiy a static NAT

08.13.17   |  
‎08-13-2017 11:35 PM
Hi everyone,

I have finaly found the solution. On the srv-02, the service windows firewall be crashed. I have restart the service and the access be possible.

Thank you again for your help.