Help Center User GuideGetting Started
 
X
User Guide
Getting Started
Contents  

Device Setup

Basic Settings

System Identity Configuration Page Options

Procedure

  1. Select Configure>System Properties>System Identity in the J-Web user interface if you are using SRX5400, SRX5600, or SRX5800 platforms.

    Or

    Select Configure>Device Setup>Basic Settings>System Identity in the J-Web user interface.

    The System Identity configuration page appears.

  2. (Junos OS Release 18.3R1 and later releases) Select Configure>Device Settings>Basic Settings>System Identity Details in the J-Web user interface.

    Table 102 explains the contents of this page.

  3. Click one:
    • Save—Saves all the basic settings configuration and returns to the main configuration page.

      Note For all the configuration options under Basic Settings:

      • Tool tip on the right-side represents different icons for notifications, validation errors, and successful configuration.

      • When you make a configuration change and navigate to a different page without saving it, a pop-up message is displayed to save the configuration.

    • Commit Options>Commit—Commits the configuration and returns to the main configuration page.

    • Cancel—Cancels all your entries and returns to the main configuration page.

Table 102: System Identity Details Configuration Details

Field FunctionAction

Host Name

Specifies the hostname of the device.

Enter a name.

Domain Name

Specifies the network or subnetwork to which the device belongs.

Enter a name.

Root Password

Specifies a password for the root user.

Note: After you have defined a root password, that password is required when you log in to the J-Web or the CLI.

Enter a password.

Confirm Password

Specifies the password for the root user.

Re-enter the password.

DNS Servers

Specifies the DNS server settings. The options available are:

  • Add

  • Edit

  • Delete

Select an option:

  • To specify a server that the device can use to resolve hostnames into addresses, click Add in the DNS Servers section. Then, enter the IP address of the server in the Add DNS Server dialog box and click OK.

  • To edit an existing DNS server hostname, select it and click Edit or right-click on it and click Edit Row. Then, edit the IP address in the Edit DNS Server dialog box and click OK.

  • To remove an existing DNS server hostname, select it and click Delete or right-click on it and click Delete Row.

Domain Search

Specifies the DNS hostname settings. The options available are:

  • Add

  • Edit

  • Delete

Select an option:

  • To include the device’s domain name in a DNS search, click Add in the Domain Search section. Then enter the domain name in the Add Domain Search dialog box and click OK.

  • To edit an existing domain name, select it and click Edit or right-click on it and click Edit Row. Then, edit the domain name in the Edit Domain Search dialog box and click OK.

  • To remove an existing domain name, select it and click Delete or right-click on it and click Delete Row.

See Also

Date and Time Configuration Page Options

Procedure

  1. Select Configure>System Properties>Date and Time in the J-Web user interface if you are using SRX5400, SRX5600, or SRX5800 platform.

    Or

    Select Configure>Device Setup>Basic Settings>Date Time in the J-Web user interface.

    The Date and Time configuration page appears.

  2. (Junos OS Release 18.3R1 and later releases) Select Configure>Device Setup>Basic Settings>Date & Time Details in the J-Web user interface. Table 103 explains the contents of this page.
  3. Click one:
    • Save—Saves all the basic settings configuration and returns to the main configuration page.

      Note For all the configuration options under Basic Settings:

      • Tool tip on the right-side represents different icons for notifications, validation errors, and successful configuration.

      • When you make a configuration change and navigate to a different page without saving it, a pop-up message is displayed to save the configuration.

    • Commit Options>Commit—Commits the configuration and returns to the main configuration page.

    • Cancel—Cancels all your entries and returns to the main configuration page.

Table 103: Date and Time Configuration Details

Field FunctionAction

Time Zone

Specifies the time zone in which the router resides.

Select a time zone from the list.

Current date/time

Displays the current date and time.

Time Source

Specifies which method the device should use to set the system time.

 

Sync with NTP Server—Synchronizes the system time with the NTP server that you select. The available options are:

  • Add

  • Edit.

  • Delete

Select an option.

  • To add an NTP server, click Add. Then, enter the NTP server, key, and version in the Add NTP Server dialog box, and click OK.

  • To edit the settings for an existing NTP server, select it and click Edit or right-click on it and click Edit Row. Then, edit the key and version in the Edit NTP Server dialog box, and click OK.

  • To delete an existing NTP server, select it and click Delete or right-click on it and click Delete Row, and click OK.

Sync with Computer Time—Uses the computer that you are currently logged into to determine the system time for the device.

When you select this option, the PC time that will be used is displayed in the Current Date & Time field.

Manual Configure Time—Enables you to manually select the date and time for the device.

Note: After you configure the time manually, the session will expire. Log in to J-Web.

Set the date and time using the calendar pick tool and time fields.

See Also

Management Access Configuration Page Options

Procedure

  1. Select Configure>System Properties>Management Access in the J-Web user interface if you are using SRX5400, SRX5600, or SRX5800 platform.

    Or

    Select Configure>Device Setup>Basic Settings>Management Access in the J-Web user interface.

    The Management Access configuration page appears.

  2. (Junos OS Release 18.3R1 and later releases) Select Configure>Device Setup>Basic Settings>Management Access Configuration in the J-Web user interface. Table 104 explains the contents of this page.
  3. Click one:
    • Save—Saves all the basic settings configuration and returns to the main configuration page.

      Note For all the configuration options under Basic Settings:

      • Tool tip on the right-side represents different icons for notifications, validation errors, and successful configuration.

      • When you make a configuration change and navigate to a different page without saving it, a pop-up message is displayed to save the configuration.

    • Commit Options>Commit—Commits the configuration and returns to the main configuration page.

    • Cancel—Cancels all your entries and returns to the main configuration page.

Table 104: Management Access Configuration Details

Field FunctionAction

Loopback Address

Specifies a loopback address for the device.

Enter the IP address.

Note: If the SRX device does not have a dedicated management port (fxp0), then Loopback Address and Subnet are the only options available for the management access configuration.

Subnet

Specifies the range of logical addresses within the address space that is assigned to an organization.

Enter the address, for example, 255.255.255.0. You can also specify the address prefix.

IPv4

Displays whether or not IPv4 is enabled.

Select this option to enable IPv4.

Note: IPv4 configuration is supported only on the SRX devices with fxp0 port.

Management Access Port

Specifies an IPv4 address for the device.

Enter the IP address.

Subnet

Specifies the range of logical addresses within the address space that is assigned to an organization.

Enter the address, for example, 255.255.255.0. You can also specify the address prefix.

Default Gateway

Specifies the default gateway address for IPv4.

Enter the IP address.

Services

Telnet

Provides secure Telnet connections.

Select this option to enable telnet.

SSH

Provides secure SSH connections.

Select this option to enable SSH.

FTP

Provides secure file transfers

Select this option to enable FTP.

Netconf

Provides NETCONF connections.

Select this option to enable NETCONF.

RFC Complaint

Provides NETCONF sessions complaint with RFC 4741.

Select this option to enable RFC complaint.

Netconf -> SSH

Provides NETCONF connections over SSH connections.

Select this option to enable Netconf -> SSH.

Trace Options

Provides NETCONF trace options.

Select this option to enable trace options.

On Demand

Provides on-demand tracing.

Select this option to enable on-demand.

No Remote Trace

Disables remote tracing.

Select this option to enable no remote tracing.

Junoscript Over Clear Text

Provides clear text based Junoscript connections.

Select this option to enable Junoscript over clear text.

Junoscript Over SSL

Provides SSL based Junoscript connections.

Select this option to enable Junoscript over SSL.

Junoscript Certificate

Provides the local certificate for SSL.

Select the local certificate for SSL from the list.

HTTP

Enables unencrypted HTTP connection settings.

Select this option to enable HTTP.

Interface

Provides interfaces that accept HTTP access.

Select the interface in order of your preference and click on the left arrow/right arrow to add.

HTTPS

Enables encrypted HTTPS connection settings.

Select this option to enable HTTPS.

Interface

Provides interfaces that accept HTTPS access.

Select the interface in order of your preference and click on the left arrow/right arrow to add.

HTTPS Certificate

Specifies the certificate that you want to use to secure the connection from the HTTPS certificates list when you enable HTTPs.

Select the HTTPS certificate form the list.

HTTPS Port

Provides TCP ports for incoming HTTPS connections.

Select the HTTPS port by clicking top or bottom arrows.

WEB API

Web API

Enables Web API configuration.

Select this option to enable Web API.

Client

Enables client for the Web API.

Select this option to enable client.

Host Name

Provides the address of permitted HTTP/HTTPS request originators.

Select this option to add or delete the address of permitted HTTP/HTTPS request originators.

To add, click + and enter the IPv4 address of the request originator.

HTTP

Enables unencrypted HTTP connection settings.

Select this option to enable HTTP.

HTTP Port

Provides TCP ports for incoming HTTP connections.

Select this option to enable HTTP port.

HTTPs

Enables encrypted HTTPS connection settings.

Select this option to enable HTTPS.

HTTPS Port

Provides TCP ports for incoming HTTPS connections.

Click top or bottom arrows to select the HTTPS port.

Certificate Type

Specifies the certificate that you want to use to secure the connection from the HTTPS certificates list when you enable HTTPs for Web API.

Select an option.

Default

-

PKI Certificate

The option available is PKI Certificate. Select a PKI certificate from the list for HTTPS of Web API.

File Path

The options available are as follows:

  • File Path:

    • Browse—Click and select a certificate from your desired location.

    • Upload—Click and upload the selected certificate.

  • Certificate—Displays the file path of the uploaded certificate.

  • Certificate Key:

    • Browse—Click and select the certificate key from your desired location.

    • Upload—Click and upload the selected certificate key.

  • Certificate Key—Displays the file path of the uploaded certificate key.

User

Provides the user credential details.

Select this option to enable user.

Name

Specifies the username.

Enter the username.

Password

Specifies the user password.

Enter the password.

REST API

REST API

Allows RPC execution over HTTP(S) connection.

Select this option to enable REST API.

Explorer

Provides the REST API explorer tool.

Select this option to enable REST API explorer.

Control

Controls the REST API process.

Select this option to enable control.

Allowed Sources

Provides the source IP address.

Click + and enter the IPv4 address of the source.

Connection Limit

Provides the maximum number of simultaneous connections.

Click top or bottom arrows to select the number of simultaneous connections.

HTTP

Enables unencrypted HTTP connections for REST API.

Select this option to enable HTTP.

Address

Provides addresses for the incoming connections for HTTP of REST API.

Click + and enter the IPv4 address.

Port

Provides ports to accept HTTP connections fr REST API.

Click top or bottom arrows to select the HTTP port.

Note: The default port for HTTP of REST API is 3000.

HTTPS

Enables encrypted HTTPS connections for REST API.

Select this option to enable HTTPS.

Address

Provides addresses for the incoming connections for HTTPS of REST API.

Click + and enter the IPv4 address.

Cipher List

Provides the Cipher suites for HTTPS of REST API.

Select the Cipher suites in order of your preference and click on the left arrow or right arrow to add.

Port

Provides the port to accept the HTTPS connection of REST API.

Click top or bottom arrows to select the HTTPS port.

Note: The default port for HTTPS of REST API is 3443.

Server Certificate

Provides the server certificate for HTTPS of REST API.

Select the server certificate from the list.

Certificate Authority Profile

Provides the certificate authority profile for HTTPS of REST API.

Select the certificate authority profile from the list.

To create Certificate Authority:

  • Click Create Certificate Authority Profile.

  • Enter the following details:

    • CA Profile *—Enter the CA profile name.

    • CA Identifier *

    • File Path on Device for Certificate:

      • Browse—Click and select the certificatefrom your desired location.

      • Upload—Click and upload the selected certificate.

    • File Path on Device for Certificate—Displays the file path of the selected certificate.

  • Click OK.

Certificate

Certificate

Specifies the certificate name to secure HTTPS connections.

Select an option:

  • To add a new certificate, click +. Then enter the certificate name and certificate content in the Create certificate page, and then click OK.

  • To edit an existing certificate, select it and click Edit or right-click on it and click Edit Row. Then, edit the certificate content in the Edit Certificate page and click OK.

  • To delete an existing certificate, select it and click Delete or right-click on it and click Delete Row.

See Also

Security Logging Configuration Page Options

J-Web enables you to forward logs using stream mode and event mode. All the categories can be configured for sending specific category logs to different log servers in stream mode log forwarding.

Select Configure>Device Setup>Basic Settings>Security Logging in the J-Web user interface.

The Security Logging configuration page appears.

Note Starting in Junos OS 19.1R1, Security Logging page supports only Stream Mode.

Click one:

Table 105: Security Logging Configuration Page

Field FunctionAction

Logging

Enables the security logging.

Select this option to enable logging.

Note:

  • Starting in Junos OS Release 19.1R1, traffic logging is enabled as part of security logging configuration for logical system and tenant users.

  • Starting in Junos OS Release 19.1R1, when you enable the traffic logging, the existing Event mode configuration will be deleted, if any.

UTC Timestamp

Allows use of Coordinated Universal Time (UTC) for security log timestamps.

Select this option to enable UTC Timestamp.

Log On

Provides log on types for logging.

Select Source Address or Source Interface.

IP Address

Specifies a source IP address or the IP address used when exporting security logs.

Enter the IP address.

Interface

Specifies the interface of the log source.

Select the interface from the list.

Format

Specifies the format in which the logs are stored.

Select the logging format. By default, None logging format is selected.

Options available are:

  • binary—Binary encoded text to conserve resources.

  • SD-Syslog—Structured system log file.

  • Syslog—Traditional system log file.

Transport Protocol

Specifies the type of transport protocol to be used to log the data.

Select the logging transport protocol. By default, None is selected.

Options available are:

  • TCP—Set the transport protocol to TCP.

  • UDP—Set the transport protocol to UDP.

  • TLS—Set the transport protocol to TLS.

Syslog Server

Enables you to configure syslog servers. You can configure a maximum of three syslog servers.

Select an option:

  • To create syslog server, click +, enter the following details and then click OK.

    • Name—Enter the name of the new stream configuration.

    • Save At—Select the location from the list to save the stream.

    • Type—Select a format in which the logs are stored from the list.

      The log types are:

      • Structure

      • Standard

      • Web

    • Host—Enter the IP address for the stream host name.

  • To edit an existing syslog server, select it and click Edit or right-click on it and click Edit Row. Then, edit the saving mode, streaming type, and host in the Edit Syslog page and click OK.

  • To delete an existing syslog server, select it and click Delete or right-click on it and click Delete Row.

See Also

SNMP Configuration Page Options

Procedure

  1. Select Configure>Service>SNMP in the J-Web user interface if you are using SRX5400, SRX5600, or SRX5800 platform.

    Or

    Select Configure>Device Setup>Basic Settings>SNMP in the J-Web user interface.

    The SNMP configuration page appears.

  2. (Junos OS Release 18.3R1 and later releases) Select Configure>Device Setup>Basic Settings>SNMP in the J-Web user interface.
  3. Click one:
    • Save—Saves all the basic settings configuration and returns to the main configuration page.

      Note For all the configuration options under Basic Settings:

      • Tool tip on the right-side represents different icons for notifications, validation errors, and successful configuration.

      • When you make a configuration change and navigate to a different page without saving it, a pop-up message is displayed to save the configuration.

    • Commit Options>Commit—Commits the configuration and returns to the main configuration page.

    • Cancel—Cancels all your entries and returns to the main configuration page.

Table 106: SNMP Configuration Details

Field FunctionAction

Contact Information

Specifies the administrative contact for the system.

Enter any contact information for the administrator of the system (such as name and phone number).

System Description

Specifies the description for the system.

Enter any information that describes the system.

Local Engine ID

Specifies the administratively unique identifier of an SNMPv3 engine for system identification. The local engine ID contains a prefix and a suffix. The prefix is formatted according to specifications defined in RFC 3411. The suffix is defined by the local engine ID. Generally, the local engine ID suffix is the MAC address of Ethernet management port 0.

Enter the MAC address of Ethernet management port 0.

System Location

Specifies the location of the system.

Enter any location information for the system (lab name or rack name, for example).

System Name Override

Specifies the option to override the system hostname.

Enter the name of the system.

Community

Specifies the name and authorization for the SNMP community.

  • Click +.

  • Enter the name of the community being added.

  • Select the desired authorization (either read-only or read-write) from the list.

Trap Groups

Name

Specifies the name of the SNMP trap group being configured.

Enter the SNMP trap group name.

Categories

Specifies which trap categories to add to the trap group being configured. The options available are:

  • Authentication

  • Chassis

  • Configuration

  • Link

  • Remote operations

  • RMON alarm

  • Routing

  • Startup

  • CRRP events

Select an option.

Targets

Specifies one or more IP addresses that specify the systems to receive SNMP traps that are generated by the trap group being configured.

Click +, enter the target IP address for SNMP trap group, and click OK.

Health Monitoring

Specifies the option to check the SNMP health monitor on the device. The health monitor periodically checks the following key indicators of device health:

  • Percentage of file storage used

  • Percentage of Routing Engine CPU used

  • Percentage of Routing Engine memory used

  • Percentage of memory used for each system process

  • Percentage of CPU used by the forwarding process

  • Percentage of memory used for temporary storage by the forwarding process

Enable the option.

Interval

Specifies the sampling frequency interval, in seconds, over which the key health indicators are sampled and compared with the rising and falling thresholds. For example, if you configure the interval as 100 seconds, the values are checked every 100 seconds.

Enter a value from 1 through 24855. The default value is 300 seconds.

Rising Threshold

Specifies the value at which you want SNMP to generate an event (trap and system log message) when the value of a sampled indicator is increasing. For example, if the rising threshold is 90, SNMP generates an event when the value of any key indicator reaches or exceeds 90 seconds.

Enter a value from 1 through 100. The default value is 90 seconds.

Falling Threshold

Specifies a value at which you want SNMP to generate an event (trap and system log message) when the value of a sampled indicator is decreasing. For example, if the falling threshold is 80, SNMP generates an event when the value of any key indicator falls back to 80 seconds or less.

Enter a value 0 through 100. The default value is 80 seconds.

See Also

Configuring Cluster (HA) Setup

Procedure

  1. Select Configure>Device Setup> Cluster (HA) Setup.

    The Chassis Cluster Setup Wizard configuration page appears. This wizard guides you through configuring chassis cluster on a two-unit cluster.

    Before You Begin

    Before you establish a chassis cluster connection between the two units, ensure that you have physical access to both the devices.

    • Your other unit must be on the same hardware and software version as the current unit.

    • Note that both units are erased and rebooted, after which all existing data is irretrievable. You have the option to save a backup copy of your configuration before rebooting.

    Selecting a Node

    The welcome page shows the possible chassis cluster connections that you can configure for your SRX Series device. It shows a graphical representation for SECONDARY UNIT (NODE1) and PRIMARY UNIT (NODE 0).

    If this is the first unit you are setting up, select Yes, this is the first unit to be setup (Node 1).The secondary unit is outlined to indicate the node 1 configuration. You can configure your primary unit (Node 0) later. If you prefer to set a different unit as your secondary, switch to it now and re-enter the Chassis Cluster setup wizard.

    If this is the primary or second unit you are setting up, select No, this is the second unit to be setup (Node 0). This option will enable you to establish a Chassis Cluster configuration with the secondary unit that you already finished setting up.

    Click Next. The Chassis Cluster Setup Wizard page appears.

    Setting Up Secondary Unit (Node 1)

    Procedure

    1. In the Chassis Cluster Setup Wizard page, read the requirements to set up or configure the secondary unit.

    2. Click Next to acknowledge the requirements and proceed.
    3. Enter the secondary unit information such as the password, Node 0 FXP0 IP, and Node 1 FXP0 IP and click Next.

    Connecting Units

    Procedure

    Ensure that both the units are powered on. Ensure that your computer is connected to your secondary unit via the FXP0 port.

    1. There are two ways you can connect the ports of the two units. Select the port connections from the following types of connections.

      Your secondary unit's Control Port ge-0/0/1 is connected to your primary unit's Control Port ge-0/0/1.

      and/or

      Your secondary unit's Fabric Port ge-0/0/2 is connected to your primary unit's Fabric Port ge-0/0/2.

      In the Chassis Cluster Setup Wizard page, select the type of connection that you have established for both the units.

    2. Click Next.

    Switching Units

    Procedure

    Once the connection is established between the two units, you must shutdown the unit in order to reconfigure it for chassis cluster. You can select to save a backup before shutting down.

    1. Click Next and proceed to shutdown.
    2. The graphical representation of the units show that the primary unit is shutdown.

      Click Shutdown and continue.

    Procedure

    The graphical representation of the units shows that the primary unit is now connected to your computer and the secondary unit is shutdown..

    1. Connect your computer to the primary unit by port 0/0/3.
    2. click Refresh Browser to reconnect to J-Web on the primary unit and re-enter the Chassis Cluster wizard.
  2. Click one:
    • Enable—Enables cluster mode on the node.

      • Enable and Reboot—Enables cluster mode and reboots the node.

      • Enable and No Reboot—Enables cluster mode without rebooting the node.

    • Disable—Disables the cluster mode on the node.

      • Disable and Reboot—Disables cluster mode and reboots the node.

      • Disable and No Reboot—Disables cluster mode without rebooting the node.

    • Reset—Resets your entries to the original value.

  3. Click one:
    • OK—Saves the configuration and returns to the main configuration page.

    • Commit Options>Commit—Commits the configuration and returns to the main configuration page.

    • Cancel—Cancels your entries and returns to the main configuration page.

Table 107: Add Chassis Cluster Setup Wizard Configuration Details

Field FunctionAction

Cluster ID

Specifies the number by which a cluster is identified.

Enter a number from 0 through 15.

Node

Node ID

Specifies the number by which a node is identified.

Enter a number from 0 through 1.

Node Management IP Address (fxp0.0)

Specifies the management IP address of a node.

Enter a valid IP address for the management interface.

Control Link

Fpc

Specifies the FPC control link.

Select the FPC number from the list.

Port

Specifies the port to configure for the control link.

Enter a number from 0 through 2.

See Also

Set Up

You can use the Setup wizard to configure a device or edit an existing configuration.

Using the Setup wizard, you can configure the following:

Note 

On all branch SRX Series devices, the New Setup wizard has the following limitations:

  • The Existing Edit mode might not work as expected if you previously configured the device manually, without using the wizard.

  • Edit mode might overwrite outside configurations such as Custom Application, Policy Name, and zone inbound services.

  • In create new mode, when you commit your configuration changes, your changes will overwrite the existing configuration.

  • VPN and NAT wizards are not compatible with the New Setup wizard; therefore the VPN or NAT wizard configuration will not be reflected in the New Setup wizard or vice versa.

  • By default, 2 minutes are required to commit a configuration using the New Setup wizard.

  • On SRX650 devices, the default mode configures only the ge-0/0/1 interface under the internal zone.

  • You might encounter usability issues if you use Microsoft Internet Explorer version 8 to launch the New Setup wizard.

  • If you refresh your browser after you download the license, the factory mode wizard is not available.

  • When you commit the configuration, the underlying Web management interface changes, and you do not receive a response about the commit status.

  • Webserver ports 80 (HTTP) and 443 (HTTPS) on the DMZ or internal zone are overshadowed if Web management is enabled on the Internet zone not configured for destination NAT. As a workaround, change the webserver port numbers for HTTP and HTTPS by editing the recommended policies on the Security policies page.

  • Images, buttons, and spinner (indicating that the configuration is being applied) on the wizard screen do not initially appear when the browser cache is cleared.

PPPoE

PPPoE connects multiple hosts on an Ethernet LAN to a remote site through a single customer premises equipment (CPE) device (Juniper Networks device).

Use the configure PPPoE tasks to configure the PPPoE connection. The PPPoE wizard guides you to set up a PPPoE client over the Ethernet connection.

Note 

On all branch SRX Series devices, the PPPoE wizard has the following limitations:

  • While you use the load and save functionality, the port details are not saved in the client file.

  • The Non Wizard connection option cannot be edited or deleted through the wizard. Use the CLI to edit or delete the connections.

  • The PPPoE wizard cannot be launched if the backend file is corrupted.

  • The PPPoE wizard cannot be loaded from the client file if non-wizard connections share the same units.

  • The PPPoE wizard cannot load the saved file from one platform to another platform.

  • There is no backward compatibility between PPPoE wizard Phase 2 to PPPoE wizard Phase 1. As a result, the PPPoE connection from Phase 2 will not be shown in Phase 1 when you downgrade to an earlier release.

VPN Wizard

A virtual private network (VPN) provides a means for secure communication among remote computers across a public WAN, such as the Internet.

This wizard leads you through the basic required steps to configure basic settings for a router-based VPN. To configure a VPN with a complete set of options, use either the J-Web interface or the command-line interface (CLI).

As you use this wizard, refer to the upper left area of the page to see where you are in the configuration process. Refer to the lower left area of the page for help related to the current page and its contents.

When you click a link under the Resources heading in the lower left area, the document opens in your browser. If it is in a new tab, be sure to close only the tab (not the browser window) when you close the document.

NAT Wizard

Network Address Translation (NAT) is a method for modifying or translating network address information in packet headers. Either one or both of the source and destination addresses in a packet may be translated. NAT can also include the translation of port numbers.

The NAT type determines the order in which NAT rules are processed. During the first packet processing for a flow, NAT rules are applied in the following order:

Procedure

  1. Static NAT rules
  2. Destination NAT rules
  3. Route lookup
  4. Security policy lookup
  5. Reverse mapping of static NAT rules
  6. Source NAT rules

This wizard leads you through the basic required steps to configure NAT for the SRX Series security device. To configure more detailed settings, use either the J-Web interface or the command-line interface (CLI).

As you use this wizard, refer to the upper left area of the page to see where you are in the configuration process. Refer to the lower left area of the page for help related to the current page and its contents.

When you click a link under the Resources heading in the lower left area, the document opens in your browser. If it is in a new tab, be sure to close only the tab (not the browser window) when you close the document.

Help us to improve. Rate this article.
Feedback Received. Thank You!

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit