Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Network Address Translation (NAT)

  • Source NAT port overload (cSRX, SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX)—Starting in Junos OS Release 22.4R1, We’ve updated the hash algorithm to allow for improved distribution of network traffic, when using the port overloading capability. Enabling better utilization per IP, as appropriate to the type of network traffic.

    The hash algorithm uses the reverse traffic from the server, matches the existing sessions, and reuses the same Network Address Translation (NAT) resources.

    You can configure the updated hash algorithm using the enhanced-port-overloading-algorithm statement at the [security nat source pool pool-name port] and [security nat source interface] hierarchy levels.

    [See pool (Security Source NAT) and source (Security Source NAT).]

  • Source NAT preserve range support (SRX Series)—Starting in Junos OS Release 22.4R1, we support a preserve range for the source NAT. You can assign a port within the same range as the incoming port, either 0 through 1023 or 1024 through 65,535.

    To enable the preserve range, configure the preserve-range statement at the [security nat source pool pool-name port] hierarchy level.

    [See pool (Security Source NAT) and preserve-range.]

  • Support for NAT64 router advertisement (MX Series)—Starting in Junos OS Release 22.4R1, we support NAT64 IPv6 address prefix router advertisement.

    The router advertises the configured NAT64 IPv6 address prefix in the router advertisement packets. You can configure up to three NAT64 IPv6 address prefixes per interface.

    You can configure the NAT64 IPv6 address prefix using the set protocols router-advertisement interface <interface-name> nat-prefix <prefix> command.

    You can configure the router advertisement time using the set protocols router-advertisement interface <interface-name> nat-prefix <prefix> lifetime <lifetime> command.

    [See IPv6 Neighbor Discovery, interface (Protocols IPv6 Neighbor Discovery), and show ipv6 router-advertisement.]