Supported Platforms
Related Documentation
- J, LN, SRX Series
- Monitoring Overview
- Monitoring Interfaces
- Additional Information
- Junos OS Interfaces Library for Security Devices
Monitoring NAT
This section contains the following topics:
Monitoring Source NAT Information
Purpose
Display configured information about source Network Address Translation (NAT) rules, pools, persistent NAT, and paired addresses.
Action
Select Monitor>NAT>Source NAT in the J-Web user interface, or enter the following CLI commands:
- show security nat source summary
- show security nat source pool pool-name
- show security nat source persistent-nat-table
- show security nat source paired-address
Table 1 describes the available options for monitoring source NAT.
Table 1: Source NAT Monitoring Page
Field | Description | Action |
---|---|---|
Rules | ||
Rule-set Name | Displays the rule-sets configured in the system. | Select all rule sets or a specific rule set to display from the list. |
Total rules | Displays the total number of configured rules. | – |
ID | Displays the rule identification number. | – |
Name | Displays the name of the source NAT rule. | – |
Ruleset Name | Displays the name of the source NAT rule set. | – |
From | Displays the zone, routing instance, or interface from which the packets flow. | – |
To | Displays the zone, routing instance, or interface to which the packets flow. | – |
Source address range | Displays the source IP address range. | – |
Destination address range | Displays the destination IP address range. | – |
Ip protocol | Displays the IP protocol. | – |
Action | Action taken in regard to a packet that matches a rule. | |
Persistent NAT type | Displays the persistent NAT type. | – |
Inactivity timeout | Displays inactivity timeout interval for the persistent NAT binding. | – |
Max session number | Displays the maximum number of sessions. | – |
Translation hits | Displays the number of translation hits. | – |
Pools | ||
Pool Name | Displays the names of the pools configured in the system. | Select all pools or a specific pool to display from the list. |
Total Pools | Displays the total number of source pools configured in the system. | – |
ID | Displays the identification number of the source pool. | – |
Name | Displays the name of the source pool. | – |
Address range | Displays the IP address or IP address range of the source pool. | – |
Single/Twin ports | Displays the number of allocated single and twin ports. | – |
Port | Displays the port numbers used for the source pool. | – |
Address assignment | Displays the type of address assignment. | – |
Port overloading factor | Displays the port overloading capacity. | – |
Routing instance | Displays the name of the routing instance. | – |
Total addresses | Displays the number of IP addresses that are in use. | – |
Host address base | Displays the base address of the original source IP address range. | – |
Translation hits | Displays the number of translation hits. | – |
Persistent NAT | ||
Persistent NAT table statistics | ||
FPC PIC ID | Displays the identification number of the Flexible PIC Concentrator (FPC). | – |
binding total | Displays the total number of persistent NAT bindings for the FPC. | – |
binding in use | Displays the number of persistent NAT bindings that are in use for the FPC. | – |
enode total | Displays the total number of persistent NAT enodes for the FPC. | – |
enode in use | Displays the number of persistent NAT enodes that are in use for the FPC. | – |
Persistent NAT table | ||
Source NAT pool | Displays the names of the pools configured in the system. | Select all pools or a specific pool to display from the list. |
Internal IP | Displays the internal IP addresses configured in the system. | Select all IP addresses or a specific IP address to display from the list. |
Internal port | Displays the internal ports configured in the system. | Select the port to display from the list. |
Internal protocol | Displays the internal protocols configured in the system. | Select all protocols or a specific protocol to display from the list. |
Internal IP | Displays the internal transport IP address of the outgoing session from internal to external. | – |
Internal port | Displays the internal transport port number of the outgoing session from internal to external. | – |
Internal protocol | Displays the internal protocol of the outgoing session from internal to external. | – |
Reflective IP | Displays the translated IP address of the source IP address. | – |
Reflective port | Displays the translated number of the port. | – |
Reflective protocol | Displays the translated protocol. | – |
Source NAT pool | Displays the name of the source NAT pool where persistent NAT is used. | – |
Type | Displays the persistent NAT type. | – |
Left time/Conf time | Displays the inactivity timeout period that remains and the configured timeout value. | – |
Current session num/Max session num | Displays the number of current sessions associated with the persistent NAT binding and the maximum number of sessions. | – |
Source NAT rule | Displays the name of the source NAT rule to which this persistent NAT binding applies. | – |
External node table | ||
Internal IP | Displays the internal transport IP address of the outgoing session from internal to external. | – |
Internal port | Displays the internal port number of the outgoing session from internal to external. | – |
External IP | Displays the external IP address of the outgoing session from internal to external. | – |
External port | Displays the external port of the outgoing session from internal to external. | – |
Zone | Displays the external zone of the outgoing session from internal to external. | – |
Paired Address | ||
Pool name | Displays the names of the pools that contain paired IP addresses. | Select all pools or a specific pool to display from the list. |
Specified Address | Displays the IP address types. | Select the IP address type to display; then enter the IP address. |
Pool name | Displays the selected pools that contain paired IP addresses. | – |
Internal address | Displays the internal IP address. | – |
External address | Displays the external IP address. | – |
Monitoring Destination NAT Information
Purpose
View the destination Network Address Translation (NAT) summary table and the details of the specified NAT destination address pool information.
Action
Select Monitor>NAT>Destination NAT in the J-Web user interface, or enter the following CLI commands:
- show security nat destination summary
- show security nat destination pool pool-name
Table 2 summarizes key output fields in the destination NAT display.
Table 2: Summary of Key Destination NAT Output Fields
Field | Values | Additional Information |
---|---|---|
Destination NAT Rules Filter Options | ||
Rule-Set Name | Name of the rule set. | – |
Total Rules | Total rules available. | – |
Destination NAT Rules Tab Options | ||
ID | ID of the rule. | – |
Name | Name of the rule. | – |
Ruleset Name | Name of the ruleset. | – |
From | Name of the routing instance/zone/interface from which the packet flows. | – |
To | Name of the routing instance/zone/interface to which the packet flows. | – |
Source Address Range | Source IP address range in the source pool. | – |
Destination Address Range | Destination IP address range in the source pool. | – |
Action | Action configured for the destination NAT rules. | – |
Destination Port | Destination port in the destination pool. | – |
Translation Hits | Number of times the router translates two components in the IP header of the incoming packet. | – |
Pools Filter Option | ||
Pool Name | Drop-down box for selecting the pool name to be displayed. | – |
Total Pools | Total pools added. | – |
Pools Tab Option | ||
ID | ID of the pool. | – |
Name | Name of the destination pool. | – |
Address Range | IP address range in the destination pool. | – |
Port | Destination port number in the pool. | – |
Routing Instance | Name of the routing instance. | – |
Total Addresses | Total IP address, IP address set, or address book entry. | – |
Translation Hits | Number of times a translation in the translation table is used for destination NAT. | – |
Address High | Ending IP address of one address range in the source pool. | – |
Top 10 Translation Hits | ||
Graph | Displays the graph of top 10 translation hits. | – |
Monitoring Static NAT Information
Purpose
View static NAT rule information.
Action
Select Monitor>NAT>Static NAT in the J-Web user interface, or enter the following CLI command:
- show security nat static rule
Table 3 summarizes key output fields in the static NAT display.
Table 3: Summary of Key Static NAT Output Fields
Field | Values | Additional Information |
---|---|---|
Rule Filter Option | ||
Rule-Set Name | Filter to sort rules by name. | – |
Total Rules | Number of rules configured. | – |
Rule Tab Option | ||
ID | Rule ID number. | – |
Position | – | |
Name | Name of the rule. | – |
Rule set Name | Name of the rule set. | – |
From | Name of the routing instance/interface/zone from which the packet comes. | – |
Destination Address | Destination IP address and subnet mask. | – |
Host Address | Host IP address and subnet mask mapped to the destination IP address and subnet mask. | – |
Netmask | Subnet IP address. | – |
Host Routing Instance | Name of the routing instance from which the packet comes. | – |
Translation Hits | Number of times a translation in the translation table is used for a static NAT rule. | – |
Monitoring Incoming Table Information
Purpose
View NAT table information.
Action
Select Monitor>NAT>Incoming Table in the J-Web user interface, or enter the following CLI command:
- show security nat incoming-table
Table 4 summarizes key output fields in the incoming table display.
Table 4: Summary of Key Incoming Table Output Fields
Field | Values | Additional Information |
---|---|---|
Statistics | ||
In use | Number of entries in the NAT table. | – |
Maximum | Maximum number of entries possible in the NAT table. | – |
Entry allocation failed | Number of entries failed for allocation. | – |
Incoming Table | ||
Clear | – | |
Destination | Destination IP address and port number. | – |
Host | Host IP address and port number that the destination IP address is mapped to. | – |
References | Number of sessions referencing the entry. | – |
Timeout | Timeout, in seconds, of the entry in the NAT table. | – |
Source-pool | Name of source pool where translation is allocated. | – |
Monitoring Interface NAT Port Information
Purpose
View port usage information for an interface source pool.
Action
Select Monitor>Firewall/NAT>Interface NAT in the J-Web user interface, or enter the following CLI command:
- show security nat interface-nat-ports
Table 5 summarizes key output fields in the interface NAT display.
Table 5: Summary of Key Interface NAT Output Fields
Field | Values | Additional Information |
---|---|---|
Interface NAT Summary Table | ||
Pool Index | Port pool index. | – |
Total Ports | Total number of ports in a port pool. | – |
Single Ports Allocated | Number of ports allocated one at a time that are in use. | – |
Single Ports Available | Number of ports allocated one at a time that are free for use. | – |
Twin Ports Allocated | Number of ports allocated two at a time that are in use. | – |
Twin Ports Available | Number of ports allocated two at a time that are free for use. | – |
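The following is an added example, not part of the original Juniper documentation: a Python script that computes single-port and twin-port utilization per pool from the Table 5 fields and flags pools approaching port exhaustion. The sample text is constructed, its layout (one row of six integers per pool, in Table 5 column order) is an assumption, and the function names and the 90% threshold are hypothetical.

```python
import re

# Constructed sample: one row of six integers per port pool, in the column
# order of Table 5 (assumed layout; the header wording is illustrative).
SAMPLE_OUTPUT = """\
Pool   Total   Single ports  Single ports  Twin ports  Twin ports
index  ports   allocated     available     allocated   available
0      64510   61200         2286          0           1024
1      64510   120           63366         1000        24
2      64510   0             63486         0           1024
"""

FIELDS = ("pool_index", "total_ports", "single_allocated",
          "single_available", "twin_allocated", "twin_available")
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")


def parse_interface_nat_ports(text):
    """Return one dict per pool row; header and blank lines are skipped."""
    pools = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            pools.append(dict(zip(FIELDS, map(int, m.groups()))))
    return pools


def utilization(allocated, available):
    """Fraction of a port class in use; 0.0 when the class has no ports."""
    size = allocated + available
    return allocated / size if size else 0.0


def pools_near_exhaustion(pools, threshold=0.90):
    """List (pool_index, port_class, utilization) at or above threshold."""
    alerts = []
    for p in pools:
        for cls in ("single", "twin"):
            u = utilization(p[cls + "_allocated"], p[cls + "_available"])
            if u >= threshold:
                alerts.append((p["pool_index"], cls, round(u, 3)))
    return alerts


if __name__ == "__main__":
    for idx, cls, u in pools_near_exhaustion(parse_interface_nat_ports(SAMPLE_OUTPUT)):
        print(f"pool {idx}: {cls} ports {u:.1%} in use")
```
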
Published: 2014-12-07