
Can you combine NAT/Route (L3) mode and transparent (L2) mode on a single firewall?


Article ID: KB6224 KB Last Updated: 20 Aug 2010 Version: 5.0
Summary:

Can you combine NAT/Route (L3) mode and transparent (L2) mode on a single firewall?

Can you configure some interfaces in NAT/Route (L3) mode and some interfaces in transparent (L2) mode on a single firewall?

Symptoms:
  • Can you combine interfaces in NAT or ROUTE mode AND transparent mode on a single firewall?
  • Can you arbitrarily assign any interface to any mode?
Solution:

You cannot configure some interfaces in NAT or Route mode (L3 mode) AND some interfaces in transparent mode (L2 mode) in the same VR.
ScreenOS will let you configure it, but this configuration is NOT supported.

This also applies to a VSYS. You cannot have one VSYS in L2 mode and another in L3 mode.

ScreenOS 6.2 (and below) supports Route/NAT mode and Transparent mode, but the device must run exclusively in one mode or the other.

In Route/NAT mode, the device acts as a router with security features. All physical interfaces should be bound to an L3 zone or the Null zone.

In Transparent mode, the device acts like a switch with security features. All physical interfaces should be bound to an L2 zone or the Null zone.

NOTE: Interface NAT mode will only work if the interface is bound to the Trust or DMZ zones. Interface NAT mode will not work on an interface bound to a custom zone.
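Because ScreenOS accepts the unsupported mixed configuration, a saved configuration can be audited for it offline. The following is an added example, not part of the original article or Juniper's tooling. It assumes `set interface <name> zone <zone>` and `set zone <name> vrouter <vr>` lines, that L2 zones are named `V1-*` or `L2-*`, and that zones without an explicit vrouter line sit in `trust-vr`; the sample configuration is constructed.

```python
import shlex
from collections import defaultdict

# Constructed sample of a saved ScreenOS configuration (not from the article).
SAMPLE_CONFIG = '''\
set zone "Untrust" vrouter "untrust-vr"
set interface "ethernet0/0" zone "Trust"
set interface "ethernet0/1" zone "V1-DMZ"
set interface "ethernet0/2" zone "Untrust"
set interface "ethernet0/3" zone "Null"
set interface "tunnel.1" zone "Untrust"
'''

LOGICAL_PREFIXES = ("tunnel", "loopback", "vlan")  # not physical ports


def zone_layer(zone):
    """Classify a zone name as 'L2', 'L3', or None for the Null zone."""
    if zone.lower() == "null":
        return None
    # Assumption: L2 zones are the predefined V1-* zones or custom L2-* zones.
    if zone.upper().startswith(("V1-", "L2-")):
        return "L2"
    return "L3"


def audit_modes(config_text):
    """Return {vr: {'L2': [ifaces], 'L3': [ifaces]}} for VRs mixing both modes."""
    zone_vr = {}
    bindings = []
    for line in config_text.splitlines():
        tok = shlex.split(line)
        if len(tok) == 5 and tok[:2] == ["set", "zone"] and tok[3] == "vrouter":
            zone_vr[tok[2].lower()] = tok[4]
        elif len(tok) == 5 and tok[:2] == ["set", "interface"] and tok[3] == "zone":
            bindings.append((tok[2], tok[4]))
    per_vr = defaultdict(lambda: {"L2": [], "L3": []})
    for iface, zone in bindings:
        layer = zone_layer(zone)
        if layer is None or iface.lower().startswith(LOGICAL_PREFIXES):
            continue
        # Assumption: zones with no explicit vrouter line live in trust-vr.
        per_vr[zone_vr.get(zone.lower(), "trust-vr")][layer].append(iface)
    return {vr: m for vr, m in per_vr.items() if m["L2"] and m["L3"]}


if __name__ == "__main__":
    for vr, modes in audit_modes(SAMPLE_CONFIG).items():
        print(f"UNSUPPORTED mix in {vr}: L2={modes['L2']} L3={modes['L3']}")
```

An empty result means every VR has its physical interfaces bound only to L3 zones, only to L2 zones, or to the Null zone.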
