Help Center User GuideGetting StartedFAQRelease Notes
 
X
User Guide
Getting Started
FAQs
Release Notes
Contents  

NAT Overview

Network Address Translation (NAT) is a form of network masquerading where you can hide devices between the zones or interfaces. A trust zone is a segment of the network where security measures are applied. It is usually assigned to the internal LAN. An untrust zone is the Internet. NAT modifies the IP addresses of the packets moving between the trust and untrust zones.

Whenever a packet arrives at the NAT device, the device performs a translation on the packet’s IP address by rewriting it with an IP address that was specified for external use. After translation, the packet appears to have originated from the gateway rather than from the original device within the network. This helps you hide internal IP addresses from the other networks and keep your network secure.

Using NAT also allows you to use more internal IP addresses. Because these IP addresses are hidden, there is no risk of conflict with an IP address from a different network. This helps you conserve IP addresses.

Junos Space Security Director supports three types of NAT:

Table 1 shows the persistent NAT support for different source NAT and destination NAT addresses.

Table 142: Persistent NAT Support

Source NAT Address

Translated Address

Destination NAT

Address

Persistent NAT

IPv4

IPv6

IPv4

No

IPv4

IPv6

IPv6

No

IPv6

IPv4

IPv4

Yes

IPv6

IPv6

IPv6

No

Table 2 and Table 3 show the translated address pool selection for source NAT, destination NAT, and static NAT addresses.

Table 143: Translated Address Pool Selection for Source NAT

Source NAT Address

Destination Address

Pool Address

IPv4

IPv4

IPv4

IPv4

IPv6 - Subnet must be greater than 96

IPv6

IPv6

IPv4

IPv4

IPv6

IPv6

IPv6

Table 144: Translated Address Pool Selection for Destination NAT And Static NAT

Source NAT Address

Destination Address

Pool Address

IPv4

IPv4

IPv4 or IPv6

IPv4

IPv6 - Subnet must be greater than 96

IPv4 or IPv6

IPv6

IPv4

IPv4

IPv6

IPv6

IPv4 or IPv6

Junos Space Security Director provides you with a workflow where you can create and apply NAT policies on devices in a network.

Security Director views each logical system as any other security device and takes ownership of the security configuration of the logical system. In Security Director, each logical system is managed as a unique security device.

Note: If the root logical system is discovered, all other user logical systems inside the device, will also be discovered.

Because an SRX Series logical system device does not support interface NAT, Security Director also does not allow interface NAT configuration of logical system. The logical system cannot participate in group NAT in Security Director. For a device NAT policy, the interface based translation selection and pool with Overflow Pool as interface are not supported in logical systems. The configuration is validated during the publishing of the NAT policy to avoid commit failures in the device.

Related Documentation

Help us to improve. Rate this article.
Feedback Received. Thank You!

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit