Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

'get xlate' does not show all NAT translations

0

0

Article ID: KB13914 KB Last Updated: 24 Apr 2009Version: 1.0
Summary:
The get xlate command is not showing any entries or is showing fewer entries than are expected despite the firewall configured to source NAT a lot of traffic.
Symptoms:

Solution:
The 'get xlate' command only returns NAT translations used by the ALG's (VoIP, FTP, etc).  It will not show translations for traffic that does not get processed by an ALG. 

At this time, the only ScreenOS NAT table available to display is 'get int <int> dip detail' , if a DIP pool is configured.    (The 'get int <int> dip detail' command will only display for DIP pools 4-252, whereas interface NAT used DIP pool 2.)

There is no command in ScreenOS that shows all NAT translations directly.
Rather to see all translations one should refer to the session table, 'get session', or the traffic logs, 'get log traffic', if policy logging is enabled.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search