[SRX] Verifying that static NAT rules are being used


Article ID: KB21918 | KB Last Updated: 24 Jun 2020 | Version: 2.0
Summary:

This article helps you verify that a static NAT rule is being hit, using the operational command show security nat static rule with either all or a specific rule name.

Note: The Resolution Guides for SRX NAT refer to this article.

Symptoms:

Note: Order is not important in static NAT because all the rules are unique. (This is forced by the configuration checker.)

Let us assume a sample static NAT configuration as given below:

Rule 'http':  Matches destination 1.1.1.2 and NATs it to the destination IP 192.168.5.1

Below is the corresponding configuration:

show security nat static   
rule-set from-internet {
    from zone untrust;
    rule http {
        match {
            destination-address 1.1.1.2/32;
        }
        then {
            static-nat prefix 192.168.5.1/32;
        }
    }
}

Solution:

The output of the command is given below with an explanation of the output. You can tell if the rule is being hit by viewing the "Translation hits" field.

show security nat static rule http 
Static NAT rule: http    Rule-set: from-internet ## This is the Rule-set name.
  Rule-Id                : 2
  Rule position          : 1 ## Rule position will not matter, because the static NAT rules are unique.
  From zone              : untrust ## Traffic from/to this zone will be evaluated.
  Destination addresses  : 1.1.1.2 ## Destination IP before translation
  Host addresses         : 192.168.5.1 ## Destination IP after translation
  Netmask                : 32
  Host routing-instance  : N/A
  Translation hits       : 10 ## This will tell us how many times the rule is hit.
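
When many rules need checking, the same test can be scripted. The following Python sketch is an added example, not part of the Juniper article: it parses text in the field layout shown above and compares the "Translation hits" counter across two captures. The sample text is constructed, and the multi-rule layout (one block per rule) and the second rule, smtp, are assumptions.

```python
import re

# Constructed sample in the field layout shown in this article (not device output).
# Assumption: with several rules, one such block appears per rule. "smtp" is made up.
TEMPLATE = """\
Static NAT rule: http    Rule-set: from-internet
  Rule-Id                : 2
  From zone              : untrust
  Destination addresses  : 1.1.1.2
  Host addresses         : 192.168.5.1 ## Destination IP after translation
  Translation hits       : {http_hits}
Static NAT rule: smtp    Rule-set: from-internet
  Rule-Id                : 3
  From zone              : untrust
  Destination addresses  : 1.1.1.3
  Host addresses         : 192.168.5.2
  Translation hits       : 0
"""
SAMPLE_BEFORE = TEMPLATE.format(http_hits=10)
SAMPLE_AFTER = TEMPLATE.format(http_hits=14)

HEADER = re.compile(r"^Static NAT rule:\s*(\S+)\s+Rule-set:\s*(\S+)")
# "name : value", ignoring any trailing "## ..." annotation
FIELD = re.compile(r"^\s+([^:]+?)\s*:\s*(.*?)\s*(?:##.*)?$")

def parse_static_nat(text):
    """Return {rule_name: {field: value}} for each rule block in the text."""
    rules, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = rules.setdefault(m.group(1), {"Rule-set": m.group(2)})
            continue
        m = FIELD.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return rules

def hit_deltas(before, after):
    """Per-rule increase in 'Translation hits' between two captures."""
    old, new = parse_static_nat(before), parse_static_nat(after)
    deltas = {}
    for name, fields in new.items():
        prev = int(old.get(name, {}).get("Translation hits", 0))
        deltas[name] = int(fields["Translation hits"]) - prev
    return deltas

if __name__ == "__main__":
    for name, delta in hit_deltas(SAMPLE_BEFORE, SAMPLE_AFTER).items():
        status = "being hit" if delta > 0 else "no new hits"
        print(f"{name}: {status} (+{delta})")
```

Take the two captures before and after sending test traffic to the translated address; a rule whose delta stays at 0 did not match that traffic.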

 

Modification History:

2020-06-24: Article reviewed for accuracy; no changes required.

 
