Category: nat

Transparent Squid Proxy with SRX

This post shows a simple destination NAT rule that redirects your clients’ HTTP requests to a transparent Squid proxy. In this topology, our client device’s HTTP requests are redirected to our Squid proxy server, i.e. hostF won’t need any configuration for its requests to be proxied.

Linux iptables to SRX NAT

Below you will find a simple example for those who use Linux iptables and now need to use SRX NAT. I give destination and source NAT examples on both systems so that the way NAT is configured on the two firewalls can be compared easily. In both scenarios I will use the following topology in which ubuntu3 is

Port forwarding with new static NAT feature

Starting with Junos 11.4R5 (if I remember correctly), you can also forward ports with a static NAT configuration. Previously we could do this only with the destination NAT feature, which was a bit clunky in comparison. Configuration is pretty straightforward. You redirect the port number “80” in destination-port statement to the

Static NAT in SRX

Today’s post is about static NAT configuration on the SRX firewall. I have the following topology, and the aim is to translate IP network 192.168.211.16/28 to 192.168.250.32/28 and vice versa. JGW1 SRX has 192.168.250.1 on its uplink-zone-facing interface and 192.168.211.1 on its trust-zone-facing interface, and the static NAT configuration for this setup is as

Port forwarding in SRX

In today’s post I would like to give an example of how to configure destination port forwarding on a Juniper SRX. For this purpose I am using an Ubuntu Linux host running a web service on TCP port 80 and an SRX firewall in front of it. Our aim is to forward any request arriving at the SRX box at

Junos NAT

Doing NAT is very easy with SRX indeed. For example:

SOURCE NAT (INTERFACE BASED)

[edit security nat]
root@host# show | display set
set security nat source rule-set rs1 from zone trust
set security nat source rule-set rs1 to zone untrust
set security nat source rule-set rs1 rule rl1 match source-address 10.200.2.0/24
set security nat source