Hello Ismail,
Let me try again!
" set interface ethernet0/3 description "SRDP" vip 172.21.24.30: 80 "Oracle4" 10.200.3.37:778 "
converts the destination address of a packet (arriving in the SRDP zone) from 172.21.24.30 port 80 to 10.200.3.37 port 778.
On Junos it is achieved by the destination NAT rule written as:
set security nat destination pool SRDP-VIP-NAT address 10.200.3.37
set security nat destination pool SRDP-VIP-NAT address port 778
set security nat destination rule-set VIP from zone SRDP
set security nat destination rule-set VIP rule r1 match destination-address 172.21.24.30
set security nat destination rule-set VIP rule r1 match destination-port 80
set security nat destination rule-set VIP rule r1 then destination-nat pool SRDP-VIP-NAT
The corresponding security policy would look like the following:
set security zones security-zone Trust address-book address HTS11 10.200.3.37/32
set security policies from-zone SRDP to-zone Trust policy Allow-VIP match source-address any <<<<<<< You can use an address book with the client's subnet here.
set security policies from-zone SRDP to-zone Trust policy Allow-VIP match destination-address HTS11
set security policies from-zone SRDP to-zone Trust policy Allow-VIP match application Oracle4
set security policies from-zone SRDP to-zone Trust policy Allow-VIP then permit
P.S.: I could not find any attachment with your last post.
Thanks!
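
The packet path the configuration above sets up, as an added example that is not part of the original post: a small Python model showing that Junos applies destination NAT before the policy lookup, which is why Allow-VIP matches the real server address HTS11 rather than the VIP. It assumes Oracle4 is a custom application on destination port 778 and that 10.200.3.37 is reached through zone Trust; neither is shown in the post.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    from_zone: str
    dst_ip: str
    dst_port: int

# Values taken from the post's rule-set VIP and pool SRDP-VIP-NAT.
DNAT_RULES = [
    {"from_zone": "SRDP", "match_ip": "172.21.24.30", "match_port": 80,
     "pool_ip": "10.200.3.37", "pool_port": 778},
]
# Assumption: Oracle4 is a custom application on destination port 778.
APPLICATIONS = {"Oracle4": 778}
ADDRESS_BOOK = {"HTS11": "10.200.3.37"}
POLICIES = [
    {"name": "Allow-VIP", "from_zone": "SRDP", "to_zone": "Trust",
     "dst_addr": "HTS11", "app": "Oracle4", "action": "permit"},
]
# Assumption: the route to the real server leaves through zone Trust.
EGRESS_ZONE = {"10.200.3.37": "Trust"}

def destination_nat(pkt):
    """Rewrite destination IP and port if a rule matches; otherwise pass through."""
    for r in DNAT_RULES:
        if (pkt.from_zone, pkt.dst_ip, pkt.dst_port) == (
                r["from_zone"], r["match_ip"], r["match_port"]):
            return replace(pkt, dst_ip=r["pool_ip"], dst_port=r["pool_port"])
    return pkt

def policy_lookup(pkt):
    """Match policies against the already-translated packet; default is deny."""
    to_zone = EGRESS_ZONE.get(pkt.dst_ip)
    for p in POLICIES:
        if (p["from_zone"] == pkt.from_zone and p["to_zone"] == to_zone
                and ADDRESS_BOOK[p["dst_addr"]] == pkt.dst_ip
                and APPLICATIONS[p["app"]] == pkt.dst_port):
            return p["name"], p["action"]
    return None, "deny"

def process(pkt):
    """Order of operations: destination NAT first, then policy lookup."""
    translated = destination_nat(pkt)
    name, action = policy_lookup(translated)
    return translated, name, action

if __name__ == "__main__":
    print(process(Packet("SRDP", "172.21.24.30", 80)))
```

A packet sent from SRDP straight to 10.200.3.37 port 778 skips the NAT rule but still matches Allow-VIP, because the policy only sees the post-NAT address.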