Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Example: Configuring NAT for vSRX Virtual Firewall

This example shows how to configure vSRX Virtual Firewall to NAT all hosts behind the vSRX Virtual Firewall instance in the Amazon Virtual Private Cloud (Amazon VPC) to the IP address of the vSRX Virtual Firewall egress interface on the untrust zone. This configuration allows hosts behind vSRX Virtual Firewall in a cloud network to access the Internet.

Before You Begin

Ensure that you have installed and launched a vSRX Virtual Firewall instance in an Amazon VPC.


A common cloud configuration includes hosts that you want to grant access to the Internet, but you do not want anyone from outside your cloud to get access to your hosts. You can use vSRX Virtual Firewall in an Amazon VPC to NAT traffic inside the Amazon VPC from the public Internet.


Configuring NAT


Step-by-Step Procedure

To configure NAT on the vSRX Virtual Firewall instance:

  1. Log in to the vSRX Virtual Firewall console in configuration edit mode (See Configure vSRX Using the CLI.

  2. Set the IP addresses for vSRX Virtual Firewall revenue interfaces.

  3. Set up the untrust security zone.

  4. Set up the trust security zone.

  5. Set up the security policies.

  6. Configure NAT.