Hello,
I migrated a Juniper 5GT config to an SRX210 and I can confirm that the migration tool wasn't as helpful as intended.
I used a rule-set for SNAT, because I had to SNAT two different subnets.
    nat {
        source {
            rule-set SNAT_Internal_to_Internet {
                description "SNAT internal to internet";
                from zone Internal;
                to zone Internet;
                /* first internal subnet, translated to the egress interface address */
                rule SNAT_192_168_1_0 {
                    description "SNAT for bla";
                    match {
                        source-address 192.168.1.0/24;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
                /* second internal subnet */
                rule SNAT_192_168_2_0 {
                    description "SNAT for blub";
                    match {
                        source-address 192.168.2.0/24;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
Hope this helps.
DNAT (destination NAT) is a bit different from port forwarding, which is called PAT (Port and Address Translation). DNAT is used to translate IP addresses. PAT is used to translate IP addresses and port numbers. So to be precise, DNAT and port forwarding (PAT) are two different things.

With proxy ARP a router can answer ARP requests for hosts that aren't able to answer those ARP requests. Think about two network segments which are separated by a router. If proxy ARP is enabled for both segments, the router will answer ARP requests with its MAC address and the clients will send their traffic to the router.
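
After a migration like the one described in the first post, it is worth checking that every source NAT rule's source-address is a consistent prefix, because a wrong mask length changes which hosts get translated. The following Python check is an added example, not part of the original posts; the function name audit_source_nat, the rule names and the sample config are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in Junos curly-brace format (not taken from a real device).
SAMPLE = """
rule-set SNAT_Example {
    from zone Internal;
    to zone Internet;
    rule R_OK {
        match {
            source-address 10.10.1.0/24;
            destination-address 0.0.0.0/0;
        }
        then { source-nat { interface; } }
    }
    rule R_TYPO {
        match {
            source-address 10.10.2.0/0;
            destination-address 0.0.0.0/0;
        }
        then { source-nat { interface; } }
    }
}
"""

def audit_source_nat(config):
    """Return (rule, prefix, problem) for each suspicious source-address."""
    findings, rule = [], None
    for line in config.splitlines():
        if m := re.match(r"\s*rule\s+(\S+)\s*\{", line):
            rule = m.group(1)  # remember which rule the following match belongs to
        elif m := re.match(r"\s*source-address\s+([^;\s]+);", line):
            prefix = m.group(1)
            try:
                net = ipaddress.ip_network(prefix, strict=True)
            except ValueError:
                # e.g. 10.10.2.0/0: address bits outside the mask, or malformed
                findings.append((rule, prefix, "address and mask length disagree"))
                continue
            if net.prefixlen == 0:
                findings.append((rule, prefix, "matches every source address"))
    return findings

if __name__ == "__main__":
    for rule_name, prefix, problem in audit_source_nat(SAMPLE):
        print(f"{rule_name}: {prefix}: {problem}")
```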