The NAT trace options hierarchy configures trace file and flags
for verification purposes. J Series and SRX Series devices have two
main components. Those are the Routing Engine (RE) and the Packet
Processing Engine (PFE). The PFE is divided into the ukernel portion
and the real-time portion. For verification, you can turn on flags
individually to debug NAT functionality on the RE, ukernel PFE, or
real-time PFE. The trace data is written to/var/log/security-trace by default.
 |
Note: If session logging has been enabled in the policy configurations on the device, the session logs will include specific NAT details for each session. See Monitoring Policy Statistics for information on how to enable session logging and Information Provided in Session Log Entries for a description of information provided in session logs. |
- user@host# set security nat traceoptions flag
all
- user@host# set security nat traceoptions flag
destination-nat-pfe
- user@host# set security nat traceoptions flagdestination-nat-re
- user@host# set security nat traceoptions flag
destination-nat-rti
- user@host# set security nat traceoptions flag
destination-nat-pfe
- user@host# set security nat traceoptions flag
source-nat-pfe
- user@host# set security nat traceoptions flag
source-nat-re
- user@host# set security nat traceoptions flag
source-nat-rt
- user@host# set security nat traceoptions flag
static-nat-pfe
- user@host# set security nat traceoptions flag
static-nat-re
- user@host# set security nat traceoptions flag
static-nat-rt
