Hello,
I'm new to Juniper and need to set up some static NATs on my SRX240. I have reached my limit of 8 rules for Dynamic NATs, so this is why I'm now trying to create a static NAT.
I'm trying to allow inbound access for a webserver (port 80) sitting in my DMZ (untrust).
Is the following config correct?
1) Proxy ARP

    proxy-arp {
        interface vlan.1 {
            address {
                218.180.50.22/32;
            }
        }
    }

2) Static NAT

    static {
        rule-set S-NAT-1000 {
            from zone untrust;
            rule S-NAT-rule-1000 {
                match {
                    destination-address 218.180.50.22/32/32;
                }
                then {
                    static-nat prefix 10.10.20.5/32;
                }
            }
        }
    }

3) Policy Rule

    from-zone untrust to-zone DMZ {
        policy Website {
            match {
                source-address any;
                destination-address WebServer;
                application junos-http;
            }
            then {
                permit;
            }
        }

So I set the Proxy-ARP to allow the external IP to respond. I then set the static IP address mapping External to Internal. Lastly I set the policy to allow only port 80 from the Untrust zone to my DMZ for the webserver. Is this all correct?
Thank you.
Warwick.
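
A small lint for the proxy-arp and static NAT stanzas described above, added here as an example and not part of the original post: it checks that every prefix parses and that each static NAT destination address is covered by a proxy-arp address. The names `lint`, `parse_prefix` and `POSTED`, the regexes, and the assumption that the NAT address relies on proxy ARP are this example's own; the sample text is condensed from the post.

```python
import ipaddress
import re

# Stanzas condensed from the post above (proxy-arp and static NAT only).
POSTED = """
proxy-arp { interface vlan.1 { address { 218.180.50.22/32; } } }
static { rule-set S-NAT-1000 { from zone untrust;
    rule S-NAT-rule-1000 {
        match { destination-address 218.180.50.22/32/32; }
        then { static-nat prefix 10.10.20.5/32; } } } }
"""

PROXY_ARP_RE = re.compile(r"address\s*\{([^{}]*)\}")
STATIC_NAT_RE = re.compile(
    r"destination-address\s+([^\s;]+)\s*;\s*\}\s*then\s*\{"
    r"\s*static-nat\s+prefix\s+([^\s;]+)\s*;")


def parse_prefix(text):
    """Return an ip_network, or None when text is not a valid prefix."""
    try:
        return ipaddress.ip_network(text, strict=False)
    except ValueError:
        return None


def lint(config):
    """Return a list of findings for the proxy-arp and static NAT stanzas."""
    findings, arp = [], []
    for block in PROXY_ARP_RE.findall(config):
        for item in filter(None, (s.strip() for s in block.split(";"))):
            net = parse_prefix(item)
            if net is None:
                findings.append(f"proxy-arp: invalid prefix {item!r}")
            else:
                arp.append(net)
    for dst, inside in STATIC_NAT_RE.findall(config):
        dst_net, in_net = parse_prefix(dst), parse_prefix(inside)
        if dst_net is None:
            findings.append(f"static NAT: invalid destination-address {dst!r}")
        if in_net is None:
            findings.append(f"static NAT: invalid static-nat prefix {inside!r}")
        # Assumption: the NAT address relies on proxy ARP, as in the post.
        if dst_net is not None and not any(
                a.version == dst_net.version and dst_net.subnet_of(a) for a in arp):
            findings.append(f"static NAT: no proxy-arp address covers {dst_net}")
    return findings


if __name__ == "__main__":
    for finding in lint(POSTED):
        print(finding)
```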