Verifying NAT Configuration

Purpose

The NAT trace options hierarchy configures the trace file and flags used for verification. J Series and SRX Series devices have two main components: the Routing Engine (RE) and the Packet Forwarding Engine (PFE). The PFE is divided into the ukernel portion and the real-time portion. For verification, you can turn on flags individually to debug NAT functionality on the RE, ukernel PFE, or real-time PFE. The trace data is written to /var/log/security-trace by default.

Note: If session logging has been enabled in the policy configurations on the device, the session logs will include specific NAT details for each session. See Monitoring Policy Statistics for information on how to enable session logging and Information Provided in Session Log Entries for SRX Series Services Gateways for a description of information provided in session logs.

Action

user@host# set security nat traceoptions flag all
user@host# set security nat traceoptions flag destination-nat-pfe
user@host# set security nat traceoptions flag destination-nat-re
user@host# set security nat traceoptions flag destination-nat-rt
user@host# set security nat traceoptions flag source-nat-pfe
user@host# set security nat traceoptions flag source-nat-re
user@host# set security nat traceoptions flag source-nat-rt
user@host# set security nat traceoptions flag static-nat-pfe
user@host# set security nat traceoptions flag static-nat-re
user@host# set security nat traceoptions flag static-nat-rt
