Navigation
Supported Platforms
Related Documentation
[edit security nat] Hierarchy Level
security {nat {destination {pool pool-name {address <ip-address> {(port port-number | to ip-address);}description text;routing-instance (routing-instance-name | default);}rule-set rule-set-name {description text;from {interface [interface-name];routing-instance [routing-instance-name];zone [zone-name];}rule rule-name {description text;match {application {[application];any;}(destination-address ip-address | destination-address-name address-name);destination-port (port-or-low <to high>);protocol [protocol-name-or-number];source-address [ip-address];source-address-name [address-name];}then {destination-nat (off | pool pool-name | rule-session-count-alarm (clear-threshold value | raise-threshold value));}}}}proxy-arp interface interface-name address ip-address;to ip-address;}proxy-ndp interface interface-name address ip-address;to ip-address;}source {address-persistent;interface (port-overloading off | port-overloading-factor number);pool pool-name {address ip-address { to ip-address;}address-persistent subscriber ipv6-prefix-length prefix-length;address-pooling (paired | no-paired); address-shared;description text;host-address-base ip-address;overflow-pool (pool-name | interface);pool-utilization-alarm (clear-threshold value | raise-threshold value);port {block-allocation {active-block-timeouttimeout-interval;block-size block-size;log disable;maximum-blocks-per-host maximum-block-number}deterministic {block-size block-size;host {address ip-address;address-name address-name;}no-translation;port-overloading-factor number;range {port-low <to port-high>;to port-high;twin-port port-low <to port-high>;}}routing-instance routing-instance-name;}pool-default-port-range lower-port-range to upper-port-range;pool-default-twin-port-range lower-port-range to upper-port-range;pool-utilization-alarm (clear-threshold value | raise-threshold value);port-randomization disable;rule-set rule-set-name {description text;from {interface [interface-name];routing-instance [routing-instance-name];zone [zone-name];}rule rule-name {description text;match {application {[application];any;}(destination-address <ip-address> | destination-address-name <address-name>);destination-port (port-or-low <to high>);protocol [protocol-name-or-number];source-address [ip-address];source-address-name [address-name];source-port (port-or-low <to high>);}then source-nat;interface {persistent-nat {address-mapping;inactivity-timeout seconds;max-session-number value;permit (any-remote-host | target-host | target-host-port);}off;pool <pool-name> persistent-nat address-mapping;inactivity-timeout seconds;max-session-number number;permit (any-remote-host | target-host | target-host-port);}rule-session-count-alarm (clear-threshold value | raise-threshold value);}}to {interface [interface-name];routing-instance [routing-instance-name];zone [zone-name];}}}static rule-set rule-set-name;description text;from {interface [interface-name];routing-instance [routing-instance-name];zone [zone-name];}rule rule-name {description text;match {(destination-address <ip-address> | destination-address-name <address-name>);destination-port (port-or-low | <to high>);source-address [ip-address];source-address-name [address-name];source-port (port-or-low <to high>);}then static-nat;inet {routing-instance (routing-instance-name | default);}prefix {address-prefix;mapped-port lower-port-range to upper-port-range;routing-instance (routing-instance-name| default);}prefix-name {address-prefix-name;mapped-port lower-port-range to upper-port-range;routing-instance (routing-instance-name | default);}rule-session-count-alarm (clear-threshold value | raise-threshold value);}}}}}traceoptions {file {filename;files number;match regular-expression;(world-readable | no-world-readable);size maximum-file-size;}flag flag;no-remote-trace;}}}
