
Add a Source Rule Set

You are here: Configure > Security Services > NAT > Source.

Procedure

To add a source rule set:

  1. Click the add icon (+) on the upper right side of the Source page.

    The Add Rule Set page appears.

  2. Complete the configuration according to the guidelines provided in Table 211.
  3. Click OK to save the changes. If you want to discard your changes, click Cancel.

Table 211: Fields on the Add Rule Set Page

Field

Action

Rule Set Name

Enter a rule set name.

Rule Set Description

Enter a description for the rule set.

From

Select an option from the list:

  • Routing Instance

  • Zone

  • Interface

Select the source routing instances, zones, or interfaces in the Available column and use the right arrow to move them to the Selected column.

To

Select an option from the list:

  • Routing Instance

  • Zone

  • Interface

Select the destination routing instances, zones, or interfaces in the Available column and use the right arrow to move them to the Selected column.

Rules

Rules

Specifies the rules added to the selected source rule set.

Add Rules

+

Click + available at the upper right of the Rules table.

The Add Rule page appears.

Rule Name

Enter a rule name.

Rule Description

Enter a description for the rule.

Match

Displays the match source and destination addresses.

Source addresses and Ports

Enter the following details:

  • Source Address—Select an IPv4 or IPv6 address from the list and move it from the Available column to the Selected column using the right arrow. Or enter an IP address in the Selected column and click + to add it.

  • Ports—Enter a port number or port range from low to high and click + to add it.

    Port Range: 0 through 65535.

    Select an existing port and click X to delete it.

  • IP Protocol—Select a protocol from the list or enter a protocol number and click +.

Destination addresses and Ports

Enter the following details:

  • Destination Address—Select an IPv4 or IPv6 address from the list and move it from the Available column to the Selected column using the right arrow. Or enter an IP address in the Selected column and click + to add it.

  • Port—Select one of the following options:

    • Any—Selects any available port.

    • Port—Enter a port number.

    • Port Range—Enter a port range from low to high.

Action

No Source NAT

None

Do Source NAT With Egress Interface Address

Enable the Persistent check box and enter the following:

  • Permit—Select an option from the list:

    • any-remote-host—All requests from a specific internal IP address and port are mapped to the same reflexive transport address. (The reflexive transport address is the public IP address and port created by the NAT device closest to the STUN server.) Any external host can send a packet to the internal host by sending the packet to the reflexive transport address.

    • target-host—All requests from a specific internal IP address and port are mapped to the same reflexive transport address. An external host can send a packet to an internal host by sending the packet to the reflexive transport address. The internal host must have previously sent a packet to the external host’s IP address.

    • target-host-port—All requests from a specific internal IP address and port are mapped to the same reflexive transport address. An external host can send a packet to an internal host by sending the packet to the reflexive transport address. The internal host must have previously sent a packet to the external host’s IP address and port.

      Note: The target-host-port configuration is not supported for NAT64 when configured with an IPv6 address.

  • Inactivity Timeout—Enter the time, in seconds, that the persistent NAT binding remains in the SRX device memory after all the sessions of the binding entry are gone. When the configured timeout is reached, the binding is removed from memory.

    Range: 60 through 7200.

  • Max Session Number—Enter the number of the sessions with which a persistent NAT binding can be associated.

    Range: 8 through 65,536.

Utilization Alarm

Upper Threshold

Enter an upper threshold value at which an SNMP trap is triggered.

Range: 1 through 4294967295.

Lower Threshold

Enter a lower threshold value at which an SNMP trap is triggered.

Range: 1 through 4294967295.

Note: This option can be set only if you configure the upper threshold value.

Edit Rules

Select an existing rule and click the edit icon at the top right corner of the Rules table.

The Edit Interface page appears with editable fields.

Delete Rules

Select an interface and click the delete icon at the top right corner of the Rules table.

A confirmation window appears. Click Yes to delete the selected interface or click No to discard.
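
The three Permit options differ only in which external endpoints may reach the internal host through an existing persistent NAT binding. The following added example (not Juniper code, and not part of the original page) models that inbound check for one binding and enforces the Inactivity Timeout and Max Session Number ranges from the table. The class, function names, and sample addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

PERMIT_MODES = ("any-remote-host", "target-host", "target-host-port")

@dataclass
class PersistentBinding:
    """Toy model of one persistent NAT binding; assumes the binding already exists."""
    permit: str
    inactivity_timeout: int = 300   # seconds; table range 60 through 7200
    max_sessions: int = 30          # table range 8 through 65,536
    contacted: set = field(default_factory=set)  # (ip, port) the internal host sent to

    def __post_init__(self):
        if self.permit not in PERMIT_MODES:
            raise ValueError(f"unknown permit mode: {self.permit}")
        if not 60 <= self.inactivity_timeout <= 7200:
            raise ValueError("inactivity timeout must be 60 through 7200")
        if not 8 <= self.max_sessions <= 65536:
            raise ValueError("max session number must be 8 through 65536")

    def record_outbound(self, ip, port):
        """The internal host sent a packet to this external endpoint."""
        self.contacted.add((ip, port))

    def allows_inbound(self, ip, port):
        """Would a packet from (ip, port) to the reflexive address be forwarded?"""
        if self.permit == "any-remote-host":
            return True                      # any external host may use the binding
        if self.permit == "target-host":
            return any(ip == seen_ip for seen_ip, _ in self.contacted)
        return (ip, port) in self.contacted  # target-host-port: exact endpoint only

def exposure(permit, outbound, probes):
    """Return, per probe, whether the binding would let it through."""
    binding = PersistentBinding(permit)
    for ip, port in outbound:
        binding.record_outbound(ip, port)
    return [binding.allows_inbound(ip, port) for ip, port in probes]

# Constructed sample data (documentation address ranges).
OUTBOUND = [("198.51.100.10", 3478)]      # internal host contacted one endpoint
PROBES = [("198.51.100.10", 3478),        # same host, same port
          ("198.51.100.10", 5060),        # same host, different port
          ("203.0.113.7", 3478)]          # host never contacted

if __name__ == "__main__":
    for mode in PERMIT_MODES:
        print(f"{mode:18} {exposure(mode, OUTBOUND, PROBES)}")
```

When choosing a Permit value, the model makes the trade-off visible: target-host-port admits only the endpoint the internal host already contacted, while any-remote-host leaves the reflexive address reachable by every external host for the life of the binding.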
