Network Address Translation (NAT)
-
Port overflow burst mode (MX240, MX480, and MX960)—Starting in Junos OS Release 23.4R1, we support port overflow burst mode. You can use the ports beyond the allocated port blocks with the port overflow burst mode. You can configure a burst pool with a range of ports in an IP address to be reserved for bursting.
There are primary and burst pool types, device uses the burst pool type after the subscribers reach the limit configured in the primary pool.
You can configure one or more IP addresses as a separate burst pool. You can configure ports from the same IP address or separate IP address for bursting.
[See Port Overflow Burst Mode and port (Security Source NAT).]
-
NAT PBA monitoring (MX240, MX480, MX960, SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX3.0)—Starting in Junos OS Release 23.4R1, we've added the following enhancements:
-
Support for port overloading and index-based port utilization in SNMP MIB table. jnxJsNatPortOverloadUtilTable.
-
Support for pool based port utilization MIB object jnxJsNatPoolUtil on MX-SPC3.
-
A new trap in the MIB table jnxJsSrcNatOverloadedPoolThresholdStatus to alert when the port is overloaded.
-
Support for source NAT PBA table jnxJsNatPbaStatsTable in SRX Series Firewall.
-
Display sessions filters:
-
On SRX Series Firewall devices at source NAT, use the
set security nat source pool <pool_name> port port-overloading-usage-alarm raise-threshold <value>
command. -
On SRX Series Firewall devices, use the
set security nat source port-overloading-usage-alarm raise-threshold <value>
command. -
On MX-SPC3 at source NAT, use the
set services nat source pool <pool_name> port port-overloading-usage-alarm raise-threshold <value>
command. -
On MX-SPC3, use the
set services nat source port-overloading-usage-alarm raise-threshold <value>
command.
-
-
Clear sessions filters:
-
On SRX Series Firewall devices at source NAT, use the
set security nat source pool <pool_name> port port-overloading-usage-alarm clear-threshold <value>
command. -
On SRX Series Firewall devices, use the
set security nat source port-overloading-usage-alarm clear-threshold <value>
command. -
On MX-SPC3 at source NAT, use the
set services nat source pool <pool_name> port port-overloading-usage-alarm clear-threshold <value>
command. -
On MX-SPC3, use the
set services nat source port-overloading-usage-alarm clear-threshold <value>
command.
-
[See show security flow session, clear services sessions, show services sessions, clear security flow session, pool (Security Source NAT) and port (Security Source NAT).]
-