source (Source NAT)

Syntax

source {address-persistent;interface {port-overloading { off };}pool pool-name {address ip-address to ip-address ;host-address-base ip-address ;overflow-pool (interface | pool-name );port no-translation | range high ip-address low ip-address ;routing-instance routing-instance-name ;}pool-utilization-alarm {clear-threshold threshold-value ;raise-threshold threshold-value ;}port-randomization {disable;}rule-set rule-set-name {from interface [interface-name] | routing-instance [routing-instance-name] | zone [zone-name];rule rule-name {match {destination-address [destination-address];source-address [source-address];}then {source-nat (off | interface | pool pool-name );persistent-nat {address-mapping;inactivity-timeout seconds;max-session-number number;permit ( any-remote-host | target-host | target-host-port );}}}to interface [interface-name] | routing-instance [routing-instance-name] | zone [zone-name];}}

Hierarchy Level

[edit security nat]

Release Information

Statement modified in Release 9.6 of Junos OS.

Description

Configure source NAT of the SRX Series device, which allows you to configure the following:

Translate source IP address or addresses to the egress interface' IP address.
Translate a range of source IP addresses to another range of IP addresses. This mapping is dynamic and without PAT.
Translate a range of source IP addresses to another range of IP addresses. This mapping is dynamic and with PAT.
Translate a range of source IP addresses to another range of IP addresses. This mapping is one-to-one, static, and without PAT.

Options

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.