rule-set (Security Static NAT)
语法
rule-set rule-set-name {
description text;
from {
interface [interface-name];
routing-group [routing-group-name]];
routing-instance [routing-instance-name];
zone [zone-name];
}
rule rule-name {
description text;
match {
(destination-address ip-address | destination-address-name address-name);
destination-port (port | low to high);
source-address ip-address;
source-address-name address-name;
source-port (port or low <to high>);
}
then {
static-nat {
inet {
routing-instance (default | routing-instance-name);
}
prefix {
address-prefix;
mapped-port lower-port-range to upper-port-range;
routing-instance (default | routing-instance-name);
}
prefix-name {
address-prefix-name;
mapped-port lower-port-range to upper-port-range;
routing-instance (default | routing-instance-name);
}
rule-session-count-alarm (raise-threshold value | clear-threshold value);
}
}
}
}
层次结构级别
[edit security nat static]
描述
为静态 NAT 配置一组规则。
所需权限级别
安全性 - 在配置中查看此语句。
安全控制 — 将此语句添加到配置中。
发布信息
在 Junos OS 9.6 版中修改的语句。 Junos OS 12.1 版中添加的说明选项。Junos OS 版本 12.1X45-D10 中添加的 rule-session-count-alarm、 source-address、 source-address-name和 source-port 选项。
该 routing-group 选项已添加到 Junos OS 22.2R1 版中。