NAT

 

Monitoring Source NAT Information

Purpose

Display configured information about source Network Address Translation (NAT) rules, pools, persistent NAT, and paired addresses.

Action

Select Monitor>NAT>Source NAT in the J-Web user interface, or enter the following CLI commands:

  • show security nat source summary

  • show security nat source pool pool-name

  • show security nat source persistent-nat-table

  • show security nat source paired-address

Table 40 describes the available options for monitoring source NAT.

Table 40: Source NAT Monitoring Page

Rules

| Field | Description | Action |
|---|---|---|
| Rule-set Name | Name of the rule set. | Select all rule sets or a specific rule set to display from the list. |
| Total rules | Number of rules configured. | |
| ID | Rule ID number. | |
| Name | Name of the rule. | |
| From | Name of the routing instance/zone/interface from which the packet flows. | |
| To | Name of the routing instance/zone/interface to which the packet flows. | |
| Source address range | Source IP address range in the source pool. | |
| Destination address range | Destination IP address range in the source pool. | |
| Source ports | Source port numbers. | |
| Ip protocol | IP protocol. | |
| Action | Action taken for a packet that matches a rule. | |
| Persistent NAT type | Persistent NAT type. | |
| Inactivity timeout | Inactivity timeout interval for the persistent NAT binding. | |
| Alarm threshold | Utilization alarm threshold. | |
| Max session number | The maximum number of sessions. | |
| Sessions (Succ/Failed/Current) | Successful, failed, and current sessions. • Succ–Number of successful session installations after the NAT rule is matched. • Failed–Number of unsuccessful session installations after the NAT rule is matched. • Current–Number of sessions that reference the specified rule. | |
| Translation Hits | Number of times a translation in the translation table is used for a source NAT rule. | |

Pools

| Field | Description | Action |
|---|---|---|
| Pool Name | The names of the pools. | Select all pools or a specific pool to display from the list. |
| Total Pools | Total pools added. | |
| ID | ID of the pool. | |
| Name | Name of the source pool. | |
| Address range | IP address range in the source pool. | |
| Single/Twin ports | Number of allocated single and twin ports. | |
| Port | Source port number in the pool. | |
| Address assignment | Displays the type of address assignment. | |
| Alarm threshold | Utilization alarm threshold. | |
| Port overloading factor | Port overloading capacity. | |
| Routing instance | Name of the routing instance. | |
| Total addresses | Total IP address, IP address set, or address book entry. | |
| Host address base | Host base address of the original source IP address range. | |
| Translation hits | Number of times a translation in the translation table is used for source NAT. | |

Top 10 Translation Hits

| Field | Description | Action |
|---|---|---|
| Graph | Displays the graph of top 10 translation hits. | |

Persistent NAT

Persistent NAT table statistics

| Field | Description | Action |
|---|---|---|
| binding total | Displays the total number of persistent NAT bindings for the FPC. | |
| binding in use | Number of persistent NAT bindings that are in use for the FPC. | |
| enode total | Total number of persistent NAT enodes for the FPC. | |
| enode in use | Number of persistent NAT enodes that are in use for the FPC. | |

Persistent NAT table

| Field | Description | Action |
|---|---|---|
| Source NAT pool | Name of the pool. | Select all pools or a specific pool to display from the list. |
| Internal IP | Internal IP address. | Select all IP addresses or a specific IP address to display from the list. |
| Internal port | Displays the internal ports configured in the system. | Select the port to display from the list. |
| Internal protocol | Internal protocols. | Select all protocols or a specific protocol to display from the list. |
| Internal IP | Internal transport IP address of the outgoing session from internal to external. | |
| Internal port | Internal transport port number of the outgoing session from internal to external. | |
| Internal protocol | Internal protocol of the outgoing session from internal to external. | |
| Reflective IP | Translated IP address of the source IP address. | |
| Reflective port | Displays the translated number of the port. | |
| Reflective protocol | Translated protocol. | |
| Source NAT pool | Name of the source NAT pool where persistent NAT is used. | |
| Type | Persistent NAT type. | |
| Left time/Conf time | Inactivity timeout period that remains and the configured timeout value. | |
| Current session num/Max session num | Number of current sessions associated with the persistent NAT binding and the maximum number of sessions. | |
| Source NAT rule | Name of the source NAT rule to which this persistent NAT binding applies. | |

External node table

| Field | Description | Action |
|---|---|---|
| Internal IP | Internal transport IP address of the outgoing session from internal to external. | |
| Internal port | Internal port number of the outgoing session from internal to external. | |
| External IP | External IP address of the outgoing session from internal to external. | |
| External port | External port of the outgoing session from internal to external. | |
| Zone | External zone of the outgoing session from internal to external. | |

Paired Address

| Field | Description | Action |
|---|---|---|
| Pool name | Name of the pool. | Select all pools or a specific pool to display from the list. |
| Specified Address | IP address. | Select all addresses, or select the internal or external IP address to display, and enter the IP address. |
| Pool name | Displays the selected pool or pools. | |
| Internal address | Displays the internal IP address. | |
| External address | Displays the external IP address. | |

Resource Usage

Utilization for all source pools

| Field | Description | Action |
|---|---|---|
| Pool name | Name of the pool. | To view additional usage information for Port Address Translation (PAT) pools, select a pool name. The information displays under Detail Port Utilization for Specified Pool. |
| Pool type | Pool type: PAT or Non-PAT. | |
| Port overloading factor | Port overloading capacity for PAT pools. | |
| Address | Addresses in the pool. | |
| Used | Number of used resources in the pool. For Non-PAT pools, the number of used IP addresses is displayed. For PAT pools, the number of used ports is displayed. | |
| Available | Number of available resources in the pool. For Non-PAT pools, the number of available IP addresses is displayed. For PAT pools, the number of available ports is displayed. | |
| Total | Number of used and available resources in the pool. For Non-PAT pools, the total number of used and available IP addresses is displayed. For PAT pools, the total number of used and available ports is displayed. | |
| Usage | Percent of resources used. For Non-PAT pools, the percent of IP addresses used is displayed. For PAT pools, the percent of ports, including single and twin ports, is displayed. | |
| Peak usage | Percent of resources used during the peak date and time. | |

Detail Port Utilization for Specified Pool

| Field | Description | Action |
|---|---|---|
| Address Name | IP addresses in the PAT pool. | Select the IP address for which you want to display detailed usage information. |
| Factor-Index | Index number. | |
| Port-range | Displays the number of ports allocated at a time. | |
| Used | Displays the number of used ports. | |
| Available | Displays the number of available ports. | |
| Total | Displays the number of used and available ports. | |
| Usage | Displays the percentage of ports used during the peak date and time. | |

Monitoring Destination NAT Information

Purpose

View the destination Network Address Translation (NAT) summary table and the details of the specified NAT destination address pool information.

Action

Select Monitor>NAT>Destination NAT in the J-Web user interface, or enter the following CLI commands:

  • show security nat destination summary

  • show security nat destination pool pool-name

Table 41 summarizes key output fields in the destination NAT display.

Table 41: Summary of Key Destination NAT Output Fields

Rules

| Field | Values | Action |
|---|---|---|
| Rule-set Name | Name of the rule set. | Select all rule sets or a specific rule set to display from the list. |
| Total rules | Number of rules configured. | |
| ID | Rule ID number. | |
| Name | Name of the rule. | |
| Ruleset Name | Name of the rule set. | |
| From | Name of the routing instance/zone/interface from which the packet flows. | |
| Source address range | Source IP address range in the source pool. | |
| Destination address range | Destination IP address range in the source pool. | |
| Destination port | Destination port in the destination pool. | |
| IP protocol | IP protocol. | |
| Action | Action taken for a packet that matches a rule. | |
| Alarm threshold | Utilization alarm threshold. | |
| Sessions (Succ/Failed/Current) | Successful, failed, and current sessions. • Succ–Number of successful session installations after the NAT rule is matched. • Failed–Number of unsuccessful session installations after the NAT rule is matched. • Current–Number of sessions that reference the specified rule. | |
| Translation hits | Number of times a translation in the translation table is used for a destination NAT rule. | |

Pools

| Field | Values | Action |
|---|---|---|
| Pool Name | The names of the pools. | Select all pools or a specific pool to display from the list. |
| Total Pools | Total pools added. | |
| ID | ID of the pool. | |
| Name | Name of the destination pool. | |
| Address range | IP address range in the destination pool. | |
| Port | Destination port number in the pool. | |
| Routing instance | Name of the routing instance. | |
| Total addresses | Total IP address, IP address set, or address book entry. | |
| Translation hits | Number of times a translation in the translation table is used for destination NAT. | |

Top 10 Translation Hits

| Field | Values | Action |
|---|---|---|
| Graph | Displays the graph of top 10 translation hits. | |

Monitoring Static NAT Information

Purpose

View static NAT rule information.

Action

Select Monitor>NAT>Static NAT in the J-Web user interface, or enter the following CLI command:

show security nat static rule

Table 42 summarizes key output fields in the static NAT display.

Table 42: Summary of Key Static NAT Output Fields

| Field | Values | Action |
|---|---|---|
| Rule-set Name | Name of the rule set. | Select all rule sets or a specific rule set to display from the list. |
| Total rules | Number of rules configured. | |
| ID | Rule ID number. | |
| Position | Position of the rule that indicates the order in which it applies to traffic. | |
| Name | Name of the rule. | |
| Ruleset Name | Name of the rule set. | |
| From | Name of the routing instance/interface/zone from which the packet comes. | |
| Source addresses | Source IP addresses. | |
| Source ports | Source port numbers. | |
| Destination addresses | Destination IP address and subnet mask. | |
| Destination ports | Destination port numbers. | |
| Host addresses | Name of the host addresses. | |
| Host ports | Host port numbers. | |
| Netmask | Subnet IP address. | |
| Host routing instance | Name of the routing instance from which the packet comes. | |
| Alarm threshold | Utilization alarm threshold. | |
| Sessions (Succ/Failed/Current) | Successful, failed, and current sessions. • Succ–Number of successful session installations after the NAT rule is matched. • Failed–Number of unsuccessful session installations after the NAT rule is matched. • Current–Number of sessions that reference the specified rule. | |
| Translation hits | Number of times a translation in the translation table is used for a static NAT rule. | |
| Top 10 Translation Hits Graph | Displays the graph of top 10 translation hits. | |

Monitoring Interface NAT Port Information

Purpose

View port usage information for an interface source pool.

Action

To monitor interface NAT port information, do one of the following:

  • If you are using SRX5400, SRX5600, or SRX5800 platforms, select Monitor>Firewall/NAT>Interface NAT in the J-Web user interface or enter the CLI command show security nat interface-nat-ports.

  • Select Monitor>NAT>Interface NAT Ports in the J-Web user interface.

Table 43 summarizes key output fields in the interface NAT display.

Table 43: Summary of Key Interface NAT Output Fields

Interface NAT Summary Table

| Field | Values | Additional Information |
|---|---|---|
| Pool Index | Port pool index. | |
| Total Ports | Total number of ports in a port pool. | |
| Single Ports Allocated | Number of ports allocated one at a time that are in use. | |
| Single Ports Available | Number of ports allocated one at a time that are free for use. | |
| Twin Ports Allocated | Number of ports allocated two at a time that are in use. | |
| Twin Ports Available | Number of ports allocated two at a time that are free for use. | |

Monitoring NAT Incoming Table Information

Purpose

View NAT table information.

Action

Select Monitor>NAT>Incoming Table in the J-Web user interface, or enter the following CLI command:

show security nat incoming-table

Table 44 summarizes key output fields in the incoming table display.

Table 44: Summary of Key Incoming Table Output Fields

Statistics

| Field | Values |
|---|---|
| In use | Number of entries in the NAT table. |
| Maximum | Maximum number of entries possible in the NAT table. |
| Entry allocation failed | Number of entries failed for allocation. |

Incoming Table

| Field | Values |
|---|---|
| Clear | |
| Destination | Destination IP address and port number. |
| Host | Host IP address and port number that the destination IP address is mapped to. |
| References | Number of sessions referencing the entry. |
| Timeout | Timeout, in seconds, of the entry in the NAT table. |
| Source-pool | Name of source pool where translation is allocated. |