{"id":639,"date":"2012-03-01T00:00:00","date_gmt":"2012-03-01T00:00:00","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2012\/03\/01\/juniper-srx-nat\/"},"modified":"2021-07-24T18:19:00","modified_gmt":"2021-07-24T18:19:00","slug":"juniper-srx-nat","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html","title":{"rendered":"Juniper SRX &#8211; NAT"},"content":{"rendered":"<p>The Juniper SRX offers 3 main types of NAT. These are source, destination and static. In this article we will be providing explanations and configuration examples for each.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_65 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-662d8a27a33b9\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-662d8a27a33b9\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html\/#Source_NAT\" title=\"Source NAT\">Source NAT<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html\/#Destination_NAT\" title=\"Destination NAT\">Destination NAT<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html\/#Static_NAT\" title=\"Static NAT\">Static NAT<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html\/#NAT_Flow_Process\" title=\"NAT Flow Process\">NAT Flow Process<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html\/#Configuration_Examples\" title=\"Configuration Examples \">Configuration Examples <\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html\/#Source_NAT-2\" title=\"Source NAT\">Source NAT<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html\/#Destination_NAT-2\" title=\"Destination NAT\">Destination NAT<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html\/#Static_NAT-2\" title=\"Static NAT\">Static NAT<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html\/#Miscellaneous\" title=\"Miscellaneous\">Miscellaneous<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html\/#Proxy_ARP_NAT\" title=\"Proxy ARP NAT\">Proxy ARP NAT<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html\/#Show_Commands\" title=\"Show Commands\">Show Commands<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Source_NAT\"><\/span><strong>Source NAT<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>As the name suggests source NAT translates the source IP address. There are 2 main types of source NAT these are:<\/p>\n<p><strong>Interface NAT &#8211; <\/strong>Traffic is translated to the IP address of the egress interface.<br \/><strong>Address pools &#8211; <\/strong>Traffic is translated to an IP address within a pool.<\/p>\n<p>There are a number of features and options with source NAT. These are:<\/p>\n<p><strong>Address Persistence<\/strong> &#8211; This ensures that all PAT translations for a given host are translated through the same IP address.<br \/><strong>Disable PAT<\/strong> &#8211; When Port Address Translation (PAT) is disabled each address from a pool can only be assigned to a single host. An overflow pool can be defined to use the egress interface address should the pool become depleted.&nbsp; <br \/><strong>Overflow Pool<\/strong> Interface &#8211; This allows for addresses to be PAT\/NAT`d using the egress interface address should the previous pool become exhausted.<br \/> <strong>Port Utilization<\/strong> &#8211; This provides the ability to alarm (including SNMP) at the point that the pool reaches a given threshold.<br \/><strong>Address Shifting<\/strong> &#8211; This provides the ability to specifies the IP address where the original source IP address range begins. For for example allows you to map a 10.0.0.0\/24 to 192.168.1.1\/24 so that 10.0.0.1 would map to 192.168.1.1 and so on.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Destination_NAT\"><\/span><strong>Destination NAT<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Destination NAT is the translation of the destination IP address (and optionally the destination port). Destination NAT is commonly used for port forwarding scenario&#8217;s where multiple services are mapped (using a single) to many different servers .<\/p>\n<p>Some common destination NAT &#8220;feature(s)&#8221; are:<strong><br \/><\/strong><br \/><strong>Address Pools <\/strong>&#8211; This allows for a pool of destination addresses to be defined.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Static_NAT\"><\/span><strong>Static NAT<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Static NAT allows for the translation in both directions. This allows for the source IP address to be translation for traffic originating from the server whilst also provide destination NAT for traffic destined inbound to the server.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"NAT_Flow_Process\"><\/span><strong>NAT Flow Process<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Below shows the NAT process that traffic takes when transversing the SRX.<\/p>\n<\/p>\n<p>Based on the diagram above this raises 2 key requirements.<\/p>\n<ol>\n<li>Destination IP translations &#8211; The security policy is written using the post translated address.<\/li>\n<li>Source IP translations &#8211; The security policy is written using the pre translated address.<\/li>\n<\/ol>\n<h3><span class=\"ez-toc-section\" id=\"Configuration_Examples\"><\/span><strong>Configuration Examples<br \/><\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><span class=\"ez-toc-section\" id=\"Source_NAT-2\"><\/span><strong>Source NAT<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Within this example all address from the trust zone destined to the untrust zone would be source NAT`d to the egress interface IP address.<\/p>\n<p class=\"codemulti\">root@srx100# edit security nat source rule-set nat-trust-untrust<br \/>[edit security nat source rule-set nat-trust-untrust]<\/p>\n<p>root@srx100# set from zone trust<br \/>root@srx100# set to zone untrust<br \/>root@srx100# set rule source-nat-rule<br \/>root@srx100# set rule source-nat-rule match source-address 0.0.0.0<br \/>root@srx100# set rule source-nat-rule then source-nat interface<\/p>\n<h4><span class=\"ez-toc-section\" id=\"Destination_NAT-2\"><\/span><strong>Destination NAT<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Within this example we translate the destination IP and port of 33.33.33.33:2222 to 192.168.1.5:22.<\/p>\n<p> <strong><em>Note<\/em><\/strong> : When adding the security policy for access into your server you must add the real IP address \/ Port.<\/p>\n<p class=\"codemulti\">root@srx100# set security zones security-zone trust address-book address SERVERA-REALIP 192.168.1.5\/32<\/p>\n<p>root@srx100# set applications application SSH-DNAT protocol tcp<br \/>root@srx100# set applications application SSH-DNAT destination-port 2222<\/p>\n<p>root@srx100# set security nat destination pool DNAT-POOL-SERVERA address 192.168.1.5\/32<br \/>root@srx100# set security nat destination pool DNAT-POOL-SERVERA address port 22<\/p>\n<p>root@srx100# set security nat destination rule-set dst-nat from zone untrust<\/p>\n<p>root@srx100# set security nat destination rule-set dst-nat rule rule1 match destination-address 33.33.33.33\/32<br \/>root@srx100# set security nat destination rule-set dst-nat rule rule1 match destination-port 2222<br \/>root@srx100# set security nat destination rule-set dst-nat rule rule1 then destination-nat pool DNAT-POOL-SERVERA<\/p>\n<h4><span class=\"ez-toc-section\" id=\"Static_NAT-2\"><\/span><strong>Static NAT<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Within the following commands the host 192.168.1.1 will be accessible via the destination address 33.33.33.33 via the untrust zone. Like wise any traffic coming from this host will be source NAT`d behind 33.33.33.33.<\/p>\n<p class=\"codemulti\">root@srx100# edit security nat static rule-set static-nat<br \/>[edit security nat static rule-set static-nat]<\/p>\n<p>root@srx100# set from zone untrust<br \/>root@srx100# set rule rule1 match destination-address 33.33.33.33\/32<br \/>root@srx100# set rule rule1 then static-nat prefix 192.168.1.1\/32<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Miscellaneous\"><\/span><strong>Miscellaneous<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h4><span class=\"ez-toc-section\" id=\"Proxy_ARP_NAT\"><\/span><strong>Proxy ARP NAT<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>NAT proxy ARP instructs the SRX to proxy ARP (reply) on behalf of the IP address assigned within the subnet of the ingress interface.<br \/>Below shows you commands required if you wanted to publish (proxy arp) for the addresses 10.1.1.1-5 on interface fe-0\/0\/0.0.<\/p>\n<p class=\"codemulti\">root@srx100# set security nat proxy-arp interface fe-0\/0\/0.0 address 10.1.1.1 to 10.1.1.5<\/p>\n<h4><span class=\"ez-toc-section\" id=\"Show_Commands\"><\/span><strong>Show Commands<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<ul>\n<li>show security nat source rule all<\/li>\n<li>show security nat source pool all<\/li>\n<li>show security nat source summary<\/li>\n<li>show security nat interface-nat-ports<\/li>\n<li>show security flow session<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The Juniper SRX offers 3 main types of NAT. These are source, destination and static. In this article we will be providing explanations and configuration examples for each. Source NAT As the name suggests source NAT translates the source IP address. There are 2 main types of source NAT these are: Interface NAT &#8211; Traffic &#8230; <a title=\"Juniper SRX &#8211; NAT\" class=\"read-more\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html\" aria-label=\"Read more about Juniper SRX &#8211; NAT\">Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":638,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Juniper SRX - NAT - Fir3net<\/title>\n<meta name=\"description\" content=\"The Juniper SRX offers 3 main types of NAT. These are source, destination and static. In this article we will be providing explanations and configuration\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Juniper SRX - NAT - Fir3net\" \/>\n<meta property=\"og:description\" content=\"The Juniper SRX offers 3 main types of NAT. These are source, destination and static. In this article we will be providing explanations and configuration\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html\" \/>\n<meta property=\"og:site_name\" content=\"Fir3net\" \/>\n<meta property=\"article:published_time\" content=\"2012-03-01T00:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-24T18:19:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2012\/03\/images_legacy_srx-nat.png\" \/>\n\t<meta property=\"og:image:width\" content=\"645\" \/>\n\t<meta property=\"og:image:height\" content=\"393\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Rick Donato\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rick Donato\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html\"},\"author\":{\"name\":\"Rick Donato\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\"},\"headline\":\"Juniper SRX &#8211; NAT\",\"datePublished\":\"2012-03-01T00:00:00+00:00\",\"dateModified\":\"2021-07-24T18:19:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html\"},\"wordCount\":735,\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2012\/03\/images_legacy_srx-nat.png\",\"articleSection\":[\"Juniper Firewalls\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html\",\"url\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html\",\"name\":\"Juniper SRX - NAT - Fir3net\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2012\/03\/images_legacy_srx-nat.png\",\"datePublished\":\"2012-03-01T00:00:00+00:00\",\"dateModified\":\"2021-07-24T18:19:00+00:00\",\"description\":\"The Juniper SRX offers 3 main types of NAT. These are source, destination and static. In this article we will be providing explanations and configuration\",\"breadcrumb\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html#primaryimage\",\"url\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2012\/03\/images_legacy_srx-nat.png\",\"contentUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/2012\/03\/images_legacy_srx-nat.png\",\"width\":645,\"height\":393},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.fir3net.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\/\/www.fir3net.com\/security\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Firewalls\",\"item\":\"https:\/\/www.fir3net.com\/security\/firewalls\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Juniper Firewalls\",\"item\":\"https:\/\/www.fir3net.com\/security\/firewalls\/juniper\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Juniper SRX &#8211; NAT\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.fir3net.com\/#website\",\"url\":\"https:\/\/www.fir3net.com\/\",\"name\":\"Fir3net\",\"description\":\"Keeping you in the know\",\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.fir3net.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.fir3net.com\/#organization\",\"name\":\"Fir3net\",\"url\":\"https:\/\/www.fir3net.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"contentUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"width\":390,\"height\":88,\"caption\":\"Fir3net\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\",\"name\":\"Rick Donato\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"caption\":\"Rick Donato\"},\"description\":\"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Juniper SRX - NAT - Fir3net","description":"The Juniper SRX offers 3 main types of NAT. These are source, destination and static. In this article we will be providing explanations and configuration","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html","og_locale":"en_US","og_type":"article","og_title":"Juniper SRX - NAT - Fir3net","og_description":"The Juniper SRX offers 3 main types of NAT. These are source, destination and static. In this article we will be providing explanations and configuration","og_url":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html","og_site_name":"Fir3net","article_published_time":"2012-03-01T00:00:00+00:00","article_modified_time":"2021-07-24T18:19:00+00:00","og_image":[{"width":645,"height":393,"url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2012\/03\/images_legacy_srx-nat.png","type":"image\/jpeg"}],"author":"Rick Donato","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rick Donato","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html#article","isPartOf":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html"},"author":{"name":"Rick Donato","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037"},"headline":"Juniper SRX &#8211; NAT","datePublished":"2012-03-01T00:00:00+00:00","dateModified":"2021-07-24T18:19:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html"},"wordCount":735,"publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"image":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html#primaryimage"},"thumbnailUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2012\/03\/images_legacy_srx-nat.png","articleSection":["Juniper Firewalls"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html","url":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html","name":"Juniper SRX - NAT - Fir3net","isPartOf":{"@id":"https:\/\/www.fir3net.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html#primaryimage"},"image":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html#primaryimage"},"thumbnailUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2012\/03\/images_legacy_srx-nat.png","datePublished":"2012-03-01T00:00:00+00:00","dateModified":"2021-07-24T18:19:00+00:00","description":"The Juniper SRX offers 3 main types of NAT. These are source, destination and static. In this article we will be providing explanations and configuration","breadcrumb":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html#primaryimage","url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2012\/03\/images_legacy_srx-nat.png","contentUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/2012\/03\/images_legacy_srx-nat.png","width":645,"height":393},{"@type":"BreadcrumbList","@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-nat.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fir3net.com\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.fir3net.com\/security"},{"@type":"ListItem","position":3,"name":"Firewalls","item":"https:\/\/www.fir3net.com\/security\/firewalls"},{"@type":"ListItem","position":4,"name":"Juniper Firewalls","item":"https:\/\/www.fir3net.com\/security\/firewalls\/juniper"},{"@type":"ListItem","position":5,"name":"Juniper SRX &#8211; NAT"}]},{"@type":"WebSite","@id":"https:\/\/www.fir3net.com\/#website","url":"https:\/\/www.fir3net.com\/","name":"Fir3net","description":"Keeping you in the know","publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fir3net.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.fir3net.com\/#organization","name":"Fir3net","url":"https:\/\/www.fir3net.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","contentUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","width":390,"height":88,"caption":"Fir3net"},"image":{"@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037","name":"Rick Donato","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","caption":"Rick Donato"},"description":"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders."}]}},"_links":{"self":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/639"}],"collection":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/comments?post=639"}],"version-history":[{"count":0,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/639\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/media\/638"}],"wp:attachment":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/media?parent=639"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/categories?post=639"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/tags?post=639"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}