Creating NAT Rules
NAT processing centers on the evaluation of NAT rule sets and rules. A rule set determines the overall direction of the traffic to be processed. Once a rule set that matches the traffic has been found, each rule in the rule set is evaluated in order for a match. NAT rules can match on the following packet information:
Source and destination address
Source port (for source and static NAT only)
The first rule in the rule set that matches the traffic is used. If a packet matches a rule in a rule set during session establishment, traffic is processed according to the action specified by that rule.
When you create a new NAT policy, click on the NAT policy name to configure the rules. You can configure the following types of NAT rules:
Depending on the type of rule you have chosen, some fields in the rule will not be applicable. In addition to defining rules between zones and interfaces, you can define NAT rules with virtual routers defined on the device. These rules can be successfully published and updated on the device.
Configuring NAT Rule Settings
To configure a NAT rule:
- Select Configure > NAT Policies > Policies.
- Click the NAT policy name.
The Rules page appears.
- Add a rule by clicking Create. Select the type of rule you want to add (source, static, or destination).
- Complete the configuration according to the guidelines provided in Table 1.
- Click Save.
A new NAT rule is configured for a NAT policy.
Table 1: NAT Rules Settings
Displays the sequence number assigned to the NAT rule.
Select the name of the NAT policy that you want to add a rule to.
Select the type of NAT rule:
Click the Source Ingress field to configure the ingress type.
Click the Source Address field to assign the source address for the policy, from the Available list.
Click the Source Port field to configure the source port for the policy.
Select the protocol from the Available list to permit or deny traffic.
Click the Destination Egress field to configure the egress type.
Click the Destination Address field to assign the destination address for the policy, from the Available list. Create a destination address inline by clicking Add New Destination Address.
Click the Destination Port field to configure the destination port for the policy.
Select the service to permit or deny for the source and destination type NAT rules. This is supported for devices running Junos OS Release 12.1X47.
Translated Packet Destination
Click Translated Packet Destination.
Select the appropriate destination address. This option is available only for the destination NAT rule.
Enter a description for the NAT rule; maximum length is 4096 characters.