SRX

last person joined: 4 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Services > Nat > Rule?

    Posted 02-27-2019 07:04

    I'm trying to follow the docs here and here.  Both reference a `rule` directly below the Services/Nat context

    [edit services nat]
rule rule-name {
    [edit services nat]
user@host# set rule rule-dnat44 match-direction input term t1 from destination-address 20.20.20.20

     

    However, when I try to apply a similar config on my srx240, I get a warning:

    The configuration could not be un-locked.

Error(s): 
1) syntax error
2) error recovery ignores input until this point

Warning(s): 
1) rule
2) }

     

    Here is the entire `services` section of my config:

    services {
  flow-monitoring {
    version9 {
      template IPv4Test {
        ipv4-template;
      }
    }
  }
  application-identification;
  nat {
    rule testRule {
      term testTerm {
        from {
          destination-address <WAN IP>/32;
        }
        then {
          destination-prefix 192.168.1.22/32;
        }
      }
    }
  }
}

     

    If I remove the rule it works fine.



  • 2.  RE: Services > Nat > Rule?
    Best Answer

    Posted 02-27-2019 07:40

    The configuration examples you are referring is for M/MX/T/ACX series devices. Please check platform support in those links.

    In SRX nat is configured under "security" stanza. Please refer this KB for more NAT configuration examples.

    https://kb.juniper.net/library/CUSTOMERSERVICE/technotes/Junos_NAT_Examples.pdf

     



  • 3.  RE: Services > Nat > Rule?

    Posted 02-27-2019 07:43

    Ooops!  Thanks.