SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Simple NAT question about accessing mail services behind the SRX

    Posted 05-12-2015 06:02

    Hey all you helpful folks, this should be an easy one.

     

    First, some background:
    I was asked to set up the networking for an Exchange server.  It's in a DMZ security zone and I initially set up destination NAT to translate only SMTP and HTTPS traffic to it.  The outgoing address, however, was not the public IP I wanted to use for mail, so I instead set up a static NAT and that fixed the outgoing address issue.

     

    My questions:

    1.  Is there a security or performance drawback to using static NAT instead of source + destination NAT?  Obviously I'm still using security policies to only allow incoming ports 25 and 443, but the other traffic now makes it past NAT to the policy on the flow.

     

    2. Is there a better or documented way to set up the typical Exchange server behind an SRX that I'm just unable to locate?

     

    Thanks!

    Joe



  • 2.  RE: Simple NAT question about accessing mail services behind the SRX
    Best Answer

     
    Posted 05-12-2015 06:07

    Hello Joe,

     

    1.  Is there a security or performance drawback to using static NAT instead of source + destination NAT?  Obviously I'm still using security policies to only allow incoming ports 25 and 443, but the other traffic now makes it past NAT to the policy on the flow.

    > That should not be a problem since it will be checked during policy lookup. Static NAT is a good option.

     

    2. Is there a better or documented way to set up the typical Exchange server behind an SRX that I'm just unable to locate?

    > Generally we configure Static NAT to connect to servers (Exchange/Web) behind the SRX if they need to be accessed from the public network. So what you have done is a typical way of doing it.
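
The setup discussed in this thread, sketched as Junos `set` commands. This is an added example, not configuration posted by either participant; the addresses (203.0.113.25 public, 10.10.10.25 private), the interface `ge-0/0/0.0`, the zone names `untrust` and `dmz`, and all rule, policy and address-book names are assumptions.

```junos
# Constructed example: all addresses, names and the interface are placeholders.

# Static NAT: one-to-one mapping of the public mail address to the Exchange
# server. It translates every port inbound, and also rewrites the server's
# outbound source address to the same public IP.
set security nat static rule-set mail-static from zone untrust
set security nat static rule-set mail-static rule exchange match destination-address 203.0.113.25/32
set security nat static rule-set mail-static rule exchange then static-nat prefix 10.10.10.25/32

# Needed only when the public address is in the external interface's subnet
# but is not configured on the interface itself.
set security nat proxy-arp interface ge-0/0/0.0 address 203.0.113.25/32

# The policy matches the translated (private) address, because the
# destination side of static NAT is applied before policy lookup.
set security address-book global address exchange-srv 10.10.10.25/32

# Permit only SMTP (25) and HTTPS (443) from the outside to the server.
set security policies from-zone untrust to-zone dmz policy mail-in match source-address any
set security policies from-zone untrust to-zone dmz policy mail-in match destination-address exchange-srv
set security policies from-zone untrust to-zone dmz policy mail-in match application junos-smtp
set security policies from-zone untrust to-zone dmz policy mail-in match application junos-https
set security policies from-zone untrust to-zone dmz policy mail-in then permit

# Everything else that static NAT lets through is dropped here and logged,
# so traffic to the other ports is visible instead of silently discarded.
set security policies from-zone untrust to-zone dmz policy deny-rest match source-address any
set security policies from-zone untrust to-zone dmz policy deny-rest match destination-address any
set security policies from-zone untrust to-zone dmz policy deny-rest match application any
set security policies from-zone untrust to-zone dmz policy deny-rest then deny
set security policies from-zone untrust to-zone dmz policy deny-rest then log session-init
```

After commit, `show security nat static rule all` shows translation hits and `show security policies hit-count` shows which of the two policies inbound sessions are matching.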



  • 3.  RE: Simple NAT question about accessing mail services behind the SRX

    Posted 05-12-2015 08:40

    Thanks for the confirmation!