Le 06/07/2012 3:56, Chris Hellberg a écrit :
The order is: screen options -> D-NAT -> route lookup -> policy -> S-NAT ->
others.
/chris
---
This order implies that you must systematically use real IP addresses in
your security policies, even if there is NAT involved; (this is a main
differenc
The order is: screen options -> D-NAT -> route lookup -> policy -> S-NAT ->
others.
/chris
---
-Original Message-
From: Ge Moua
Sender: juniper-nsp-boun...@puck.nether.net
Date: Fri, 06 Jul 2012 08:41:10
To:
Subject: [j-nsp] order of operations for NAT & zone polic
j-nsp:
I am running into an issue on Juniper SRX where I am seeing zone policy
deny for destination-based NAT traffic (ie, untrusted to trusted zone).
My assumption for SRX order of operation is as follow:
* perform zone policy enforcement (to dest NAT ip_addr / ARIN public)
* perform NAT translat
3 matches
Mail list logo