Hey all you helpful folks, this should be an easy one.
First, some background:
I was asked to setup the networking for an Exchange server. It's in a DMZ security zone and I initially setup destination NAT to translate only SMTP and HTTPS traffic to it. The outgoing address, however, was not the public IP I wanted to use for mail, so I instead setup a static NAT and that fixed the outgoing address issue.
My questions:
1. Is there a security or performance drawback to using static NAT instead of source + destination NAT? Obviously I'm still using security policies to only allow incoming ports 25 and 443, but the other traffic now makes it past NAT to the policy on the flow.
2. Is there a better or documented way to setup the typical exchange server behind an SRX that I'm just unable to locate?
Thanks!
Joe