I; struggling to understand what is wrong with my conf.
I'm configurig a nat destination rule:
set security nat destination rule-set PFW-RASPI rule PFW-8080 match source-address-name ASET-YOTI-OFFICE
but when I commit:
root@SRX210# commit [edit security nat destination rule-set PFW-RASPI rule PFW-8080 match] 'source-address-name ASET-YOTI-OFFICE' Can not find address/address-set(ASET-YOTI-OFFICE) in default global address book error: configuration check-out failed
However I have that address book configured
root@SRX210# show | display set | match ASET-YOTI-OFFICE set security address-book YOTI-OFFICE address-set ASET-YOTI-OFFICE address YOTI-1 set security address-book YOTI-OFFICE address-set ASET-YOTI-OFFICE address YOTI-2
Question 1: What is the reason of that error?
Question 2: Why JunOS gives the opportunity to restrict the access to a range of IP under NAT as well as under the security policy for that nat rule? What is the difference?
Suppose your internal Server IP address is 192.168.1.10 and you have a public IP from the ISP, suppose 220.127.116.11.
You want to host various applications on the internal server working on different ports, and want them accessible from the internet.
You create a static NAT between 192.168.1.10 and 18.104.22.168. This essentially means that all ports on 22.214.171.124 are translated to all ports on 192.168.1.10.
However, currently you have only one single port on the internal server which is running an application. Hence, you create a security policy to allow just that one port from the Internet Zone to the Server Zone and thus blocking access to all the other ports on that IP despite of having a NAT for all the ports.