Creating NAT Policy Rules
NAT processing centers on the evaluation of NAT rule sets and rules. A rule set determines the overall direction of the traffic to be processed. After a rule set that matches the traffic is found, each rule in the rule set is evaluated for a match. NAT rules can match on the following packet information:
- Source and destination address
- Source port (for source and static NAT only)
- Destination port
The first rule in the rule set that matches the traffic is used. If a packet matches a rule in a rule set during session establishment, traffic is processed according to the action specified by that rule.
To create a new NAT rule, click the NAT policy name. The Single NAT Policy page appears, providing you with options to configure NAT rules. Alternatively, you can click the rule number listed under Rules for the policy to create a new rule. You can configure the following types of NAT rules:
Static—To add a static NAT rule, click Add Static NAT Rule or click Create on the top right corner and select Static.
Source—To add a source NAT rule, click Add Source NAT Rule or click Create on the top right corner and select Source.
Destination—To add a destination NAT rule, click Add Destination NAT Rule or click Create on the top right corner and select Destination.
Depending on the type of rule you have chosen, some fields in the rule will not be applicable. In addition to defining rules between zones and interfaces, you can define NAT rules with virtual routers defined on the device. These rules can be successfully published and updated on the device.
To create a NAT policy rule:
- Select Configuration > NAT > NAT Policies.
The NAT Policies page appears, displaying the existing NAT policies.
- Click the name of the NAT policy for which you want to create rules. Alternatively, you can click the number listed under Rules for a NAT policy.
The Single NAT Policy page appears.
- Click Create and select either Source, Static, or Destination. The page displays fields for creating a NAT rule.
- Complete the configuration according to the guidelines provided in Table 1.
- Click OK to save the changes. If you want to discard your changes, click Cancel instead.
A NAT rule with the configuration you provided is created.
Table 1 provides guidelines on using the fields on the Single NAT Policy page.
Table 1: Fields on the Single NAT Policy Page for Creating NAT Rules
Field | Description |
---|---|
Source | Click the add icon (+) to select the source endpoints on which the NAT policy rule applies, from the displayed list of addresses, protocols, interfaces, routing instances, zones, or ports. The possible endpoints for source differ based on whether the NAT rule is a source, destination, or static NAT rule.
You can also select a source endpoint by using the methods described in Selecting NAT Source. |
Destination | Click the add icon (+) to select the destination endpoints on which the NAT policy rule applies, from the displayed list of addresses, interfaces, services, routing instances, zones, or ports. The possible endpoints for destination differ based on whether the NAT rule is a source, destination, or static NAT rule.
You can select a destination endpoint by using the methods described in Selecting NAT Destination. Note: When you create a destination NAT rule for traffic arriving on an interface that terminates a VPN link, the translation process may break the VPN link. This will happen if the destination address in a destination NAT rule is specified only as the WAN-facing IP address of that interface. For example, in the following NAT rule, any traffic destined to Wan.IP will get translated to the destination pool and will break functionality of the VPN link packets terminating on this interface.
Therefore, the recommendation in such cases is to use a destination
NAT rule with destination field as
|
Translation | |
Translation Type | Specify the translation type for the incoming traffic. The translation options vary based on whether you are creating a source, static, or destination NAT rule. Choose one of the following translation types for a source NAT rule:
Choose one of the following translation types for a static NAT rule:
Choose one of the following translation types for a destination NAT rule:
|
Advanced Settings (Optional) | Click Configure to configure advanced settings for a source or static NAT rule. For more information about advanced settings for the translation types Interface and Pool for a source NAT rule, see Table 2. For more information about advanced settings for the translation types Interface and Pool for a static NAT rule, see Table 3. |
Details | |
Name | Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 255 characters. |
Description | Enter a description for the policy intent; maximum length is 1024 characters. |
End Points | Create source and destination endpoints such as addresses and services.
To edit the configured parameters of an address or service, hover over it and click on the edit icon (pencil symbol). |
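The following is an added example, not Juniper code, that models the first-match rule evaluation described at the top of this page and the destination NAT note in Table 1. It assumes the VPN link is IPsec (IKE on UDP 500, NAT-T on UDP 4500, ESP); the rule names, addresses, and the `audit` helper are constructed, and narrowing the rule by protocol and port is this example's own scoping, not the recommendation that is cut off in the note.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Packet:
    src: str
    dst: str
    proto: str                    # "tcp", "udp" or "esp"
    dport: Optional[int] = None   # ESP carries no port

@dataclass
class DnatRule:
    name: str
    dst_net: str
    pool: str
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.dst) in ip_network(self.dst_net)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport))

def evaluate(rules, pkt):
    """Return the first rule in the rule set that matches, or None."""
    for rule in rules:
        if rule.matches(pkt):
            return rule
    return None

def vpn_probes(wan_ip):
    """Constructed IPsec packets that terminate on the WAN interface."""
    peer = "198.51.100.7"  # constructed documentation address
    return [Packet(peer, wan_ip, "udp", 500),    # IKE
            Packet(peer, wan_ip, "udp", 4500),   # IPsec NAT-T
            Packet(peer, wan_ip, "esp")]         # ESP payload

def audit(rules, wan_ip):
    """Names of rules that would translate VPN traffic sent to wan_ip."""
    hits = []
    for pkt in vpn_probes(wan_ip):
        rule = evaluate(rules, pkt)
        if rule and rule.name not in hits:
            hits.append(rule.name)
    return hits

WAN_IP = "203.0.113.1"  # constructed documentation address
broad = [DnatRule("web-broad", "203.0.113.1/32", "pool-web")]
scoped = [DnatRule("web-443", "203.0.113.1/32", "pool-web", "tcp", 443)]
```

Running `audit` over a policy's destination NAT rules before publishing shows which rules match on the WAN address alone and would therefore capture the tunnel's own packets.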
Table 2 provides guidelines on using the fields on the Advanced Settings page for a source NAT rule.
Table 2: Fields on the Advanced Settings Page for Source NAT Rule
Field | Description |
---|---|
Persistent | Select the check box to ensure that all requests from the same internal transport address are mapped to the same reflexive transport address. Note: For persistence to apply to the NAT policy, ensure that port overloading is turned off on the device to which the NAT policy applies. Use the following command to turn off port overloading for a device: [Edit mode] set security nat source interface port-overloading off |
Persistent NAT Type | Configure persistent NAT mappings.
|
Inactivity Timeout | The amount of time, in seconds, that the persistent NAT binding remains in the site’s memory when all the sessions of the binding entry have ended. When the configured timeout is reached, the binding is removed from memory. The value of the inactivity timeout can range from 60 through 7200 seconds. The default value of the inactivity timeout is 60 seconds. |
Maximum Session Number | The maximum number of sessions with which a persistent NAT binding can be associated. For example, if the maximum session number of the persistent NAT rule is 65,536, then a 65,537th session cannot be established if that session uses the persistent NAT binding created from the persistent NAT rule. The range is 8 through 65,536. The default is 30 sessions. |
Address Mapping | Select an address from the available list. |
Pool Address | Displays the NAT pool address. |
Host Address Base | Displays the base address of the original source IP address range. The host address base is used for IP address shifting. |
Port Translation | Displays whether port translation is enabled or disabled for this NAT rule. |
Overflow Pool Type | Displays the source pool to be used when the current address pool is exhausted. |
Overflow Pool Name | Displays the name of the overflow pool. |
Mapped Port Type | Specify the type of port mapping:
|
Table 3 provides guidelines on using the fields on the Advanced Settings page for a static NAT rule.
Table 3: Fields on the Advanced Settings Page for Static NAT Rule
Field | Description |
---|---|
Mapped Port Type | Specify the type of port mapping:
|
Routing Instance | Select the routing instance for the static NAT rule. |