NAT before route
I have an SRX240 which is acting as a router to a third party. I also have a video encoder on IP 172.31.253.2/27. I need to change the IP of this device before routing it to the third party:...
View ArticleRe: NAT before route
No, this is not possible. Check the packet flow process diagram here for reference on where nat, policy and route lookup operations occur....
View ArticleRe: NAT before route
Thank. So the only option is to either 1) Put another router in front of the device or 2) change the IP of the actual device
View ArticleRe: NAT before route
Sorry, I think I read your question incorrectly the first time. I thought you were asking if you can perform NAT before the route lookup of the flow. But looking again I see you want to do normal...
View ArticleRe: NAT before route
It's hard to tell from that PDF, but I think that this is forwarding on the same subnet as the "untrusted" interface, I want to NAT it to a new IP address and then use the route to the next hop.
View ArticleRe: SRX340 with Filter-Based Forwarding Issue
Can you please share again current configuration?Can you also turn on traceoptionsset security flow traceoptions file fbfnat set security flow traceoptions flag basic-datapath set security flow...
View ArticleRe: Transit traffic being logged in firewall filter log
I bet it's some kind of exception traffic. Maybe ip options set? Regards, Wojtek
View ArticleRe: Transit traffic being logged in firewall filter log
Is this traffic being evaluated by any security policies, with a 'log' action? IIRC, the local firewall log gets log entries from both the 'firewall' (interface/loopback) filters as well as regular...
View ArticleRe: Transit traffic being logged in firewall filter log
wrote:Is this traffic being evaluated by any security policies, with a 'log' action? IIRC, the local firewall log gets log entries from both the 'firewall' (interface/loopback) filters as well as...
View ArticleRe: Transit traffic being logged in firewall filter log
wrote:I bet it's some kind of exception traffic. Maybe ip options set? Regards, WojtekGood thought, but sadly, no. I looked at a tcpdump of the traffic to see if this was the case and no IP options...
View ArticleRe: Security Director don't delivery correct schema configuration for SDSN
Hi,try to open one ticket to Juniper... I'll update you if you cannot open one ticket. In my personal furter analisis I found (maybe) the specific problem.The problem IS NOT on the Security...
View ArticleRe: SRX enrollment with skyATP
Problem has been solved with collaboration of jtac.Because they "manually update their skyATP infrastracture" to allow my SRX to be enrolled. In some of these case then..... only JTAC can help
View ArticleRe: Shrew VPN Connection issue
Just in case anyone wants to know, I managed to get the Shrew VPN working with the SRX1500. I changed the IKE (Phase 1) Lifetime to 180 and the Shrew VPN Client to 60. So, the scenario now with the...
View ArticleSRX650 - software installation problem
SRX650 has problem. i can not install new software. SRX boot up only loader mode. when i want to install ne software i get some error. you can find SRX log from attachement.Thanks for your help.
View ArticleRe: AutoDiscovery VPN SRX (ADVPN IPsec )
where can i check the new book? is already published?
View ArticleNAT ports to differnet internal devices
im trying to figure out how to do this in an SRX I need: (example ips and ports) traffic to internet ip 1.2.3.4 port 500 nat to DMZ ip 1.1.1.1 port 500traffic to internet ip 1.2.3.4 port 501 nat to...
View ArticleRe: NAT before route
Here's an example. The nat rule will use the zone of the ingress 3rd party device interface as from and the egress interface zone as the to address with the pool address of your chosen address.set...
View ArticleRe: NAT ports to differnet internal devices
Yes you want to use destination nat with one address port forwarding to many servers. See the example on page 9 of this NAT examples documentation....
View ArticleRe: AutoDiscovery VPN SRX (ADVPN IPsec )
The new VPN configuration examples Day One book is here with the chapter on AD VPN. https://forums.juniper.net/t5/Day-One-Books/Day-One-IPsec-VPNs-Cookbook-2018/ba-p/326916
View ArticleRe: SRX650 - software installation problem
From the loader prompt you can use these instructions to install Junos again via a USB drive copy....
View Article