Knowledge Search


×
 

NAT rule limits on SRX and J-series routers

  [KB14149] Show Article Properties


Summary:

This article provides information about the NAT rule limits on SRX and J-series routers.

Symptoms:

Provide information about the NAT rule limits on SRX and J-series routers.

Cause:

Solution:

In Junos 10.2 and later, there are no longer limits on the number of rules per rule-set. Instead, there is a platform-wide limitation of rules.

The limits for each platform (for Junos 12.1x44 and above) are listed below.


SRC NAT Rules

DST NAT Rules

Static NAT Rules

J-series

512

512

512

SRX100/110/210 (both B and H)

512

512

512

SRX220H

768

768

768

SRX240 (both B and H)

1024

1024

1024

SRX100H2/110H2/210H2/220H2/240H2

1024

1024

6144

SRX550/650

1024

1024

6144

SRX1400

8192

8192

8192

SRX3400/3600

20480

20480

20480

SRX5600/5800

30720

30720

30720


CLI

On an SRX device, the CLI command below also provides this same NAT information:

show log nsd_chk_only | match NAT | match " = "

Example

On SRX240H2, 12.1X45:

root> show log nsd_chk_only | match NAT | match " = "
Source NAT rule number = 1024
Dest NAT rule number = 1024
Static NAT rule number = 6144
Interface NAT port ol factor = 64
Source NAT rule-set number = 1024
Dest NAT rule-set number = 1024
Static NAT rule-set number = 6144
Maximum Destination Address per Policy = (1 / 1024)

Related Links: