NAT Global Address Book Overview

In Junos OS Release 11.2 and later releases, the address book is moved from the zone level to the device global level. This permits objects to be used across many zones and avoids inefficient use of resources. This change also permits nested groups to be configured within the address book, removing redundancy from repeating address objects.

The Security Director application manages its address book at the global level, assigning objects to devices that are required to create policies. If the device is capable of using a global address book, Security Director pushes address objects used in the policies to the device global address book. Nested address group capability is used in the publish and update feature of Security Director depending on the device capability.

Differences Between Global and Zone-Based Address Books

The global address book is supported in Junos OS Release 11.2 and later releases.

NoteĀ Beginning in Junos OS Release 12.1, zone-based address books are no longer supported. Devices running Junos OS Release 12.1 or later must use the global address book.

NoteĀ Beginning in Junos OS Release 11.2, NAT rules can use address objects from the global address book. However, Security Director will still continue to define the NAT address in the rule itself rather than referring to the global address book.