Applying NAT Rules


After installing CSO, you must apply NAT rules.

For standalone deployment—

This is applicable only if you have the standard standalone topology.

Figure 1: Standard Standalone Deployment

  1. Log in to the BMS as root.
  2. Run the following command from the CSO home directory:

    cd ci_cd# ./


After the BMS is rebooted, re-run the script from step 2 to repopulate the iptables rules.
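One way to check after a reboot whether the rules applied in step 2 are still loaded, as an added example that is not part of the CSO documentation or its scripts: save the output of `iptables -t nat -S` to a baseline file right after running the script, then compare it with a fresh dump. The function names, file names and sample rules below are constructed for illustration.

```shell
#!/bin/sh
# Added example (not CSO code): find NAT rules that disappeared after a reboot.
# Inputs are two `iptables -t nat -S` dumps: a baseline saved right after the
# script in step 2 ran, and a dump taken after the reboot.

# Print each "-A ..." rule present in the baseline ($1) but absent from ($2).
missing_nat_rules() {
    # -F literal, -x whole line, -v invert: keep baseline rules with no match.
    grep '^-A ' "$1" | grep -Fxv -f "$2" || true
}

# Return 0 if every baseline rule is still loaded, 1 otherwise.
nat_rules_intact() {
    lost=$(missing_nat_rules "$1" "$2")
    if [ -z "$lost" ]; then return 0; fi
    printf 'NAT rules missing since baseline:\n%s\n' "$lost" >&2
    return 1
}

# Constructed sample dumps (documentation-range addresses, hypothetical rules).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/baseline" <<'EOF'
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 198.51.100.5:443
-A POSTROUTING -s 198.51.100.0/24 -j MASQUERADE
EOF
# After the reboot only a rule re-added by another service is present.
cat > "$demo_dir/after_reboot" <<'EOF'
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -s 198.51.100.0/24 -j MASQUERADE
EOF

if nat_rules_intact "$demo_dir/baseline" "$demo_dir/after_reboot"; then
    echo "NAT rules intact"
else
    echo "Re-run the script from step 2 to repopulate iptables"
fi
```

On the BMS, both inputs would come from `iptables -t nat -S` run as root; comparing against a saved baseline rather than counting rules avoids a false "intact" result when other services add their own NAT rules at boot.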

For HA deployment—

Note: The script is not supported for the HA deployment.

To review the details on the ports, see Minimum Requirements for Servers and VMs: Table 5.

Run ./ script to find the IP addresses for each component.

root@startupserver_1:~/Contrail_Service_Orchestration_5.1.1# ./

Configure the next hop at the gateway for the VRR public IP addresses (for example, 10.x.x.3 and 10.x.x.4) to point to the SRX IP address (for example, 10.x.x.2).

  • Here is the NAT configuration for any public-facing device:

    NAT configuration

  • The following configuration is applicable only if you have an SRX as your firewall. Apply similar rules if you have any other third-party firewall.

    Sample SRX config