- I have never been able to set up port forwarding on this SRX 210.
Today I took a stab at it, following these two articles:
http://www.mustbegeek.com/configure-destination-nat-in-juniper-srx/
https://www.fir3net.com/Firewalls/Juniper/juniper-srx-destination-nat-port-forwarding.html
I feel like I am very close, but I haven't been able to get a commit check to pass (the errors it reports are at the end of the session below).
Does anyone want to point me in the right direction?
My goal is to forward port 310 to IP address 192.168.1.33 for an application called Aqua Connect (I am calling it AAP or AAP_Server in Junos).
Below is the text output of my terminal session:
=-=-=-=-=-=-=-=-=-=
[edit applications]
root@PS260-SRX# set application AAP protocol tcp
[edit applications]
root@PS260-SRX# set application AAP destination-port 310
[edit applications]
root@PS260-SRX# show
application filemaker-tcp5003 {
protocol tcp;
destination-port 5003;
description "Filemaker Pro";
}
application AAP {
protocol tcp;
destination-port 310;
}
[edit applications]
root@PS260-SRX# exit
[edit]
root@PS260-SRX# edit security nat destination
[edit security nat destination]
root@PS260-SRX# set pool AAP_Server address 192.168.1.33
[edit security nat destination]
root@PS260-SRX# edit rule-set NatRule
[edit security nat destination rule-set NatRule]
root@PS260-SRX# set from zone untrust
[edit security nat destination rule-set NatRule]
root@PS260-SRX# edit rule Rule1AAP
[edit security nat destination rule-set NatRule rule Rule1AAP]
root@PS260-SRX# set then destination-nat pool AAP_Server
[edit security nat destination rule-set NatRule rule Rule1AAP]
root@PS260-SRX# show
match {
destination-address 74.113.161.210/32;
destination-port 310;
}
then {
destination-nat pool AAP_Server;
}
[edit security nat destination rule-set NatRule rule Rule1AAP]
root@PS260-SRX# exit
[edit security nat destination rule-set NatRule]
root@PS260-SRX# exit
[edit security nat destination]
root@PS260-SRX# exit
[edit]
root@PS260-SRX# edit security policies from-zone untrust to-zone trust
[edit security policies from-zone untrust to-zone trust]
root@PS260-SRX# edit policy AAP_Policy
[edit security policies from-zone untrust to-zone trust policy AAP_Policy]
root@PS260-SRX# set match source-address any
[edit security policies from-zone untrust to-zone trust policy AAP_Policy]
root@PS260-SRX# set match destination-address AAP_Server
[edit security policies from-zone untrust to-zone trust policy AAP_Policy]
root@PS260-SRX# set match application AAP
[edit security policies from-zone untrust to-zone trust policy AAP_Policy]
root@PS260-SRX# set then permit
[edit security policies from-zone untrust to-zone trust policy AAP_Policy]
root@PS260-SRX# show
match {
source-address any;
destination-address AAP_Server;
application AAP;
}
then {
permit;
}
[edit security policies from-zone untrust to-zone trust policy AAP_Policy]
root@PS260-SRX# exit
[edit security policies from-zone untrust to-zone trust]
root@PS260-SRX# exit
[edit]
root@PS260-SRX# set security zones security-zone trust address-book address AAP_Server 192.168.1.33/32
[edit]
root@PS260-SRX# edit security zones security-zone trust
[edit security zones security-zone trust]
root@PS260-SRX# show
address-book {
address AAP_Server 192.168.1.33/32;
}
[edit security zones security-zone trust]
root@PS260-SRX# exit
[edit]
root@PS260-SRX# set security nat destination pool dnat-192_168_1_33m32 address 192.168.1.33/32
[edit]
root@PS260-SRX# set security nat destination pool dnat-192_168_1_33m32 address port 310
[edit]
root@PS260-SRX# set security nat destination rule-set dst-nat from zone untrust
[edit]
root@PS260-SRX# set security nat destination rule-set dst-nat rule Rule1AAP match destination-address 74.113.161.210/32
[edit]
root@PS260-SRX# set security nat destination rule-set dst-nat rule Rule1AAP match destination-port 310
[edit]
root@PS260-SRX# set security nat destination rule-set dst-nat rule Rule1AAP then destination-nat pool dnat-192_168_1_33m32
[edit]
root@PS260-SRX# set security policies from-zone untrust to-zone trust policy untrust-to-trust1 match source-address any
[edit]
root@PS260-SRX# set security policies from-zone untrust to-zone trust policy untrust-to-trust1 match destination-address AAP_Server
[edit]
root@PS260-SRX# set security policies from-zone untrust to-zone trust policy untrust-to-trust1 match application AAP
[edit]
root@PS260-SRX# set security policies from-zone untrust to-zone trust policy untrust-to-trust1 then permit
[edit]
root@PS260-SRX# commit check
[edit security nat destination rule-set NatRule from zone]
'untrust'
Zone must be defined
[edit security nat destination rule-set dst-nat from zone]
'untrust'
Zone must be defined
[edit security policies from-zone untrust to-zone trust]
'untrust'
Security zone must be defined
error: configuration check-out failed: (statements constraint check failed)
[edit]
root@PS260-SRX#
==-=-=-=-=-=--=-
Thanks in advance.