Add a Source Rule Set
You are here: Configure > Security Services > NAT > Source.
Procedure
To add a source rule set:
- Click the add icon (+) on the upper right side of the Source page.
  The Add Rule Set page appears.
- Complete the configuration according to the guidelines provided in Table 210.
- Click OK to save the changes. If you want to discard your changes, click Cancel.
Table 210: Fields on the Add Rule Set Page
Field | Action |
---|---|
Rule Set Name | Enter a rule set name. |
Rule Set Description | Enter a description for the rule set. |
From | Select an option from the list: Routing Instance, Zone, or Interface. Select the source routing instances, zones, or interfaces in the Available column and use the right arrow to move them to the Selected column. |
To | Select an option from the list: Routing Instance, Zone, or Interface. Select the destination routing instances, zones, or interfaces in the Available column and use the right arrow to move them to the Selected column. |
Rules |
Rules | Specifies the rules added to the selected source rule set. |
Add Rules |
+ | Click + available at the upper right of the Rules table. The Add Rule page appears. |
Rule Name | Enter a rule name. |
Rule Description | Enter a description for the rule. |
Match | Displays the match source and destination addresses. |
Source addresses and Ports | Enter the following details: Source Address—Select an IPv4 or IPv6 address from the list and move it from the Available column to the Selected column using the right arrow. Or enter an IP address in the Selected column and click + to add it. Ports—Enter a port number or port range from low to high and click + to add it. Port Range: 0 through 65535. Select an existing port and click X to delete it. IP Protocol—Select a protocol from the list or enter a protocol number and click +. |
Destination addresses and Ports | Enter the following details: Destination Address—Select an IPv4 or IPv6 address from the list and move it from the Available column to the Selected column using the right arrow. Or enter an IP address in the Selected column and click + to add it. Port—Select one of the following options: Any—Selects available port. Port—Enter a port number. Port Range—Enter a port range from low to high. |
Action |
No Source NAT | None |
Do Source NAT With Egress Interface Address | Enable the Persistent check box and enter the following: Permit—Select an option from the list: any-remote-host—All requests from a specific internal IP address and port are mapped to the same reflexive transport address. (The reflexive transport address is the public IP address and port created by the NAT device closest to the STUN server.) Any external host can send a packet to the internal host by sending the packet to the reflexive transport address. target-host—All requests from a specific internal IP address and port are mapped to the same reflexive transport address. An external host can send a packet to an internal host by sending the packet to the reflexive transport address. The internal host must have previously sent a packet to the external host’s IP address. target-host-port—All requests from a specific internal IP address and port are mapped to the same reflexive transport address. An external host can send a packet to an internal host by sending the packet to the reflexive transport address. The internal host must have previously sent a packet to the external host’s IP address and port. Note: The target-host-port configuration is not supported for NAT64 when configured with an IPv6 address. Inactivity Timeout—Enter the time, in seconds, that the persistent NAT binding remains in the SRX device memory when all the sessions of the binding entry are gone. When the configured timeout is reached, the binding is removed from memory. Range: 60 through 7200. Max Session Number—Enter the number of sessions with which a persistent NAT binding can be associated. Range: 8 through 65,536. |
Utilization Alarm |
Upper Threshold | Enter an upper threshold value at which an SNMP trap is triggered. Range: 1 through 4294967295. |
Lower Threshold | Enter a lower threshold value at which an SNMP trap is triggered. Range: 1 through 4294967295. Note: This option can be set only if you configure the upper threshold value. |
Edit Rules | Select an existing rule and click the edit icon at the top right corner of the Rules table. The Edit Interface page appears with editable fields. |
Delete Rules | Select an interface and click the delete icon at the top right corner of the Rules table. A confirmation window appears. Click Yes to delete the selected interface or click No to discard. |
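
The three Permit options differ in which external senders can reach the internal host through the reflexive transport address. The Python model below is an added illustration, not Juniper code; the class and function names and the sample addresses are assumptions, and it ignores security policy, the inactivity timeout and the session limit.

```python
from dataclasses import dataclass, field


@dataclass
class PersistentBinding:
    """Toy model of one persistent NAT binding (hypothetical, not Junos code)."""
    reflexive: tuple   # (public_ip, public_port) allocated on the egress interface
    permit: str        # "any-remote-host", "target-host" or "target-host-port"
    contacted: set = field(default_factory=set)  # (ip, port) pairs the internal host sent to

    def outbound(self, dst_ip, dst_port):
        """The internal host sends a packet out through the binding."""
        self.contacted.add((dst_ip, dst_port))

    def admits(self, src_ip, src_port, dst):
        """Would an inbound packet from src to dst reach the internal host?"""
        if dst != self.reflexive:
            return False                      # not addressed to this binding
        if self.permit == "any-remote-host":
            return True                       # no prior outbound packet required
        if self.permit == "target-host":
            return any(ip == src_ip for ip, _ in self.contacted)
        if self.permit == "target-host-port":
            return (src_ip, src_port) in self.contacted
        raise ValueError(f"unknown permit option: {self.permit}")


def exposure(permit):
    """Return which constructed external senders are admitted under `permit`."""
    reflexive = ("203.0.113.10", 40000)            # constructed sample values
    binding = PersistentBinding(reflexive, permit)
    binding.outbound("198.51.100.7", 3478)         # internal host contacts one peer
    senders = {
        "contacted host, contacted port": ("198.51.100.7", 3478),
        "contacted host, other port": ("198.51.100.7", 5000),
        "uncontacted host": ("192.0.2.99", 3478),
    }
    return {name: binding.admits(ip, port, reflexive)
            for name, (ip, port) in senders.items()}


if __name__ == "__main__":
    for mode in ("any-remote-host", "target-host", "target-host-port"):
        print(mode, exposure(mode))
```

In this model any-remote-host admits all three senders, target-host admits both packets from the contacted host, and target-host-port admits only the exact address and port the internal host contacted.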