See the following sections:
- then {
- destination-nat (off | pool pool-name );
- }
- [edit security nat destination
rule-set rule-set-name rule rule-name ]
Statement introduced in Release 9.2 of JUNOS software.
Specify the action to be performed when traffic matches the destination NAT rule criteria.
This statement is supported on SRX-series devices.
The remaining statement is explained separately.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
- then {
-
- action {
- (close-client | close-client-and-server
| close-server |
- drop-connection | drop-packet
| ignore-connection |
- mark-diffserv value | no-action
| recommended);
- }
-
- ip-action {
- (ip-block | ip-close | ip-notify);
- log;
- target (destination-address
| service | source-address |
- source-zone | zone-service);
- timeout
seconds ;
- }
-
- notification {
-
- log-attacks {
- alert;(
- }
- }
- severity (critical | info
| major | minor | warning);
- }
- [edit security idp idp-policy policy-name rulebase-ips rule rule-name ]
Statement introduced in Release 9.2 of JUNOS software.
Specify the action to be performed when traffic matches the defined criteria.
This statement is supported on SRX-series devices.
The remaining statements are explained separately.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
- then {
-
- count {
-
- alarm {
- per-minute-threshold number;
- per-second-threshold number
;
- }
- }
- (deny | reject);
-
- permit {
- application-services (wx-redirect
| wx-reverse-redirect);
-
- destination-address {
- drop-translated;
- drop-untranslated;
- }
- destination-nat destination-name ;
-
- firewall-authentication
{
-
- pass-through {
- access-profile profile-name
;
- client-match match-name
;
- web-redirect;
- }
-
- web-authentication {
- client-match user-or-group
;
- }
- }
- source-nat (pool pool-name |
pool-set pool-set-name | interface);
-
- tunnel {
- ipsec-vpn vpn-name ;
- pair-policy pair-policy ;
- }
- }
-
- log {
- session-close;
- session-init;
- }
- }
- [edit security policies
from-zone zone-name to-zone zone-name policy policy-name ]
Statement introduced in Release 8.5 of JUNOS software.
Specify the policy action to be performed when packets match the defined criteria.
This statement is supported on J-series and SRX-series devices.
The remaining statements are explained separately.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
- then {
- source-nat (off | interface
| pool pool-name
);
- }
- [edit security nat source
rule-set rule-set-name rule rule-name ]
Statement introduced in Release 9.2 of JUNOS software.
Specify the action to be performed when traffic matches the source NAT rule criteria.
This statement is supported on SRX-series devices.
The remaining statement is explained separately.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
- then {
- static-nat prefix < addr-prefix
> <routing-instance routing-instance-name >;
- }
- [edit security nat static
rule-set rule-set-name rule rule-name ]
Statement introduced in Release 9.3 of JUNOS software.
Specify the action to be performed when traffic matches the static NAT rule criteria.
This statement is supported on SRX-series devices.
The remaining statement is explained separately.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.