SOURCECODEBD.NET

Live Experience

Juniper NAT Configuration on SRX and All Other Firewalls
 
First, you need to create a pool. Here I use a single IP, 1.1.1.1/32, for my pool. This is the public IP.
My pool name is "WAN-Pool". You can use any name here.
 
# set security nat source pool WAN-Pool address 1.1.1.1/32
 
Second, you need to declare the source NAT zone information.
Here I use trust to untrust.
My rule-set name is "trust-to-untrust". You can use any name here.
 
# set security nat source rule-set trust-to-untrust from zone trust 
# set security nat source rule-set trust-to-untrust to zone untrust 
 
Third, you need to declare the allowed private source IP block. Here I use 192.168.0.0/24.
 
# set security nat source rule-set trust-to-untrust rule SNAT match source-address 192.168.0.0/24
 
Finally, reference the pool you have just created, "WAN-Pool".
 
# set security nat source rule-set trust-to-untrust rule SNAT then source-nat pool WAN-Pool
 
 
The configuration looks like this:
 
# show security
nat {
    source {
        pool WAN-Pool {
            address {
                1.1.1.1/32;
            }
        }
        rule-set trust-to-untrust {
            from zone trust;
            to zone untrust;
            rule SNAT {
                match {
                    source-address 192.168.0.0/24;
                }
                then {
                    source-nat {
                        pool {
                            WAN-Pool;
                        }
                    }
                }
            }
        }
    }
}
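
A consistency check for the four steps above, added here as an example (it is not code from the original post): it parses set-style statements and reports rules that reference an undefined pool, rule-sets missing a from or to zone, and rules with no source-address match or one that covers every host. The function name `audit`, the `lab`, `BAD` and `Missing-Pool` entries, and the choice of what to flag are assumptions of this example.

```python
import ipaddress

# The page's five set commands (constructed copy, without the "# " prompt).
PAGE_CONFIG = """\
set security nat source pool WAN-Pool address 1.1.1.1/32
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule SNAT match source-address 192.168.0.0/24
set security nat source rule-set trust-to-untrust rule SNAT then source-nat pool WAN-Pool
"""
# Constructed broken variant: rule-set "lab" has no zones and uses an undefined pool.
BROKEN = PAGE_CONFIG + """\
set security nat source rule-set lab rule BAD match source-address 0.0.0.0/0
set security nat source rule-set lab rule BAD then source-nat pool Missing-Pool
"""
PREFIX = "set security nat source "

def audit(config):
    """Return sorted findings for set-style source NAT statements."""
    pools, zones, rules = set(), {}, {}
    for line in config.splitlines():
        line = line.strip().lstrip("# ").rstrip(";")  # tolerate prompt and ';'
        words = line[len(PREFIX):].split() if line.startswith(PREFIX) else []
        if len(words) < 4:
            continue
        if words[0] == "pool" and words[2] == "address":
            pools.add(words[1])
        elif words[0] == "rule-set":
            dirs = zones.setdefault(words[1], set())
            if words[2] in ("from", "to") and words[3] == "zone":
                dirs.add(words[2])
            elif words[2] == "rule":
                rule = rules.setdefault((words[1], words[3]), {"src": [], "pool": None})
                if words[4:6] == ["match", "source-address"] and words[6:]:
                    rule["src"].append(ipaddress.ip_network(words[6], strict=False))
                elif words[4:7] == ["then", "source-nat", "pool"] and words[7:]:
                    rule["pool"] = words[7]
    findings = []
    for rs, dirs in zones.items():
        findings += [f"{rs}: missing '{d} zone'" for d in ("from", "to") if d not in dirs]
    for (rs, name), rule in rules.items():
        if rule["pool"] and rule["pool"] not in pools:
            findings.append(f"{rs}/{name}: pool {rule['pool']} is not defined")
        if not rule["src"]:
            findings.append(f"{rs}/{name}: no source-address match")
        elif any(net.prefixlen == 0 for net in rule["src"]):
            findings.append(f"{rs}/{name}: source-address matches every host")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(PAGE_CONFIG), *audit(BROKEN), sep="\n")
```

The same function accepts lines pasted with the leading "# " prompt or a trailing semicolon, so a configuration copied from a terminal can be checked before it is committed.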
 