Knowledge Search


SRX Getting Started - Configure NAT (Network Address Translation)

  [KB15758] Show Article Properties


This article identifies resources for configuring, verifying and troubleshooting Network Address Translation (NAT) on SRX Series devices.

For other topics, go to the SRX Getting Started main page.


Configure NAT:  Source NAT, Destination NAT, and Static NAT.



This section contains the following topics:


In addition to the technical documentation, the following three Tech Note documents have NAT configuration examples:
  • An understanding of the NAT rule-set evaluation priority is important for configuring NAT.  If a packet matches multiple rule-sets, the most specific match takes precedence.  The order of precedence is as follows (first destination, then source):
    • Interface
    • Zone
    • Routing-Instance
    Refer to the 'New Design and Processing' section of TN8 for diagrams of the flow and more information.

  • Although the title of TN25 refers to ScreenOS users, the examples in the Tech Note are beneficial to non-ScreenOS users, too. 

Technical Documentation


The following commands are helpful for verifying and troubleshooting NAT:
show security nat source summary
show security nat source rule
show security nat source pool
show security nat destination summary
show security nat destination pool
show security nat destination rule
show security nat static rule
show security flow session
Verifying Network Address Translation


KB21922 - Resolution Guides and Articles - SRX - NAT

KB16252 - Troubleshooting NAT in SRX series

Related Links: