Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Network Address Translation (NAT)

  • Enhanced persistent NAT binding support (SRX4100, SRX4200, and vSRX)—Starting in Junos OS release 23.4R1, we've increased the number of persistent NAT bindings supported. The increased persistent NAT binding support is based on the available memory and sessions.

    The internal host must have previously sent a packet to the external host’s IP address. All requests from a specific internal IP address and port are mapped to the same reflexive transport address. Any external host can send a packet to the internal host by sending the packet to the reflexive transport address.

    [See Persistent NAT and NAT64.]

  • NAT PBA monitoring (MX240, MX480, MX960, SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX3.0)—Starting in Junos OS Release 23.4R1, we've added the following enhancements:

    • Support for port overloading and index-based port utilization in SNMP MIB table. jnxJsNatPortOverloadUtilTable.

    • Support for pool based port utilization MIB object jnxJsNatPoolUtil on MX-SPC3.

    • A new trap in the MIB table jnxJsSrcNatOverloadedPoolThresholdStatus to alert when the port is overloaded.

    • Support for source NAT PBA table jnxJsNatPbaStatsTable in SRX Series Firewall.

    • Display sessions filters:

      • On SRX Series Firewall devices at source NAT, use the set security nat source pool <pool_name> port port-overloading-usage-alarm raise-threshold <value> command.

      • On SRX Series Firewall devices, use the set security nat source port-overloading-usage-alarm raise-threshold <value> command.

      • On MX-SPC3 at source NAT, use the set services nat source pool <pool_name> port port-overloading-usage-alarm raise-threshold <value> command.

      • On MX-SPC3, use the set services nat source port-overloading-usage-alarm raise-threshold <value> command.

    • Clear sessions filters:

      • On SRX Series Firewall devices at source NAT, use the set security nat source pool <pool_name> port port-overloading-usage-alarm clear-threshold <value> command.

      • On SRX Series Firewall devices, use the set security nat source port-overloading-usage-alarm clear-threshold <value> command.

      • On MX-SPC3 at source NAT, use the set services nat source pool <pool_name> port port-overloading-usage-alarm clear-threshold <value> command.

      • On MX-SPC3, use the set services nat source port-overloading-usage-alarm clear-threshold <value> command.

    [See show security flow session, clear services sessions, show services sessions, clear security flow session, pool (Security Source NAT) and port (Security Source NAT).]