
destination-address (Security Policies Flag)

 

Syntax

Hierarchy Level

Release Information

Statement introduced in Junos OS Release 9.2.

Description

Specify whether the traffic permitted by the security policy is limited to packets where the destination IP address has been translated by means of a destination NAT rule or to packets where the destination IP address has not been translated.

On Juniper Networks security devices, destination NAT rules are processed before security policy lookup. Therefore, it is possible for a security policy to permit traffic from a source S to a destination D (where no destination NAT is performed) and also to permit traffic from the source S to the destination d (where d has been translated to D).

Options

  • drop-translated—Drop packets with translated destination IP addresses. Traffic permitted by the security policy is limited to packets where the destination IP address has not been translated.

  • drop-untranslated—Drop packets without translated destination IP addresses. Traffic permitted by the security policy is limited to packets where the destination IP address has been translated by means of a destination NAT rule.
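The following Python model is an added illustration, not Juniper code or Junos configuration. It walks the order of operations described above (destination NAT first, then policy lookup, then the flag) for the two flows S to D and S to d. The addresses, the `Policy` class, and the function names are all constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

# Constructed sample addresses (documentation/private ranges), not from the page.
S = "198.51.100.7"   # source S
D = "10.0.0.10"      # real destination D
d = "203.0.113.10"   # address d that a destination NAT rule translates to D
DNAT_RULES = {ip_address(d): ip_address(D)}
FLAGS = (None, "drop-translated", "drop-untranslated")

@dataclass(frozen=True)
class Policy:
    """Hypothetical model of one permit policy; not a Junos data structure."""
    source: str
    destination: str            # compared with the post-NAT destination
    flag: Optional[str] = None  # destination-address option, if configured

    def __post_init__(self):
        if self.flag not in FLAGS:
            raise ValueError(f"unknown destination-address option: {self.flag!r}")

def evaluate(policy, src, dst, dnat_rules=DNAT_RULES):
    """Return 'permit', 'drop' or 'no-match' for one packet."""
    original = ip_address(dst)
    # 1. Destination NAT runs before the security policy lookup.
    post_nat = dnat_rules.get(original, original)
    translated = post_nat != original
    # 2. The policy therefore sees D for both S->D and S->d.
    if (ip_address(src) != ip_address(policy.source)
            or post_nat != ip_address(policy.destination)):
        return "no-match"
    # 3. The flag narrows what the permit action accepts.
    if policy.flag == "drop-translated" and translated:
        return "drop"
    if policy.flag == "drop-untranslated" and not translated:
        return "drop"
    return "permit"

def verdict_table():
    """Verdicts for S->D (direct) and S->d (via NAT) under each option."""
    return {flag: {"S->D": evaluate(Policy(S, D, flag), S, D),
                   "S->d": evaluate(Policy(S, D, flag), S, d)}
            for flag in FLAGS}

if __name__ == "__main__":
    for flag, row in verdict_table().items():
        print(f"{flag or 'no flag':<18} {row}")
```

With no flag set, the model permits both flows, which is the situation the description calls out: a policy written for D also admits traffic addressed to d, and the reverse.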

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.
