Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

show security nat destination rule

Syntax

Description

Display information about the specified destination Network Address Translation (NAT) rule. Destination NAT rules are processed after static NAT rules but before source NAT rules.

Options

rule-name

Display information about the specified destination NAT rule.
all

Display information about all the destination NAT rules.
logical-system

Display information about the destination NAT rules for a specified logical system. Specify all to display information for all logical systems.
root-logical-system

Display information about the destination NAT rules for the primary (root) logical system.
tenant

Display information about the destination NAT rules for a specified tenant system. Specify all to display information for all tenant systems.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show security nat destination rule command. Output fields are listed in the approximate order in which they appear.

Table 1: show security nat destination rule Output Fields

Field Name

Field Description

Total destination-nat rules

Number of destination NAT rules.

Total referenced IPv4/IPv6 ip-prefixes

Number of IP prefixes referenced in source, destination, and static NAT rules. This total includes the IP prefixes configured directly as address names and as address set names in the rule.

Destination NAT rule

Name of the destination NAT rule.

Description

Description of the destination NAT rule.

Rule-Id

Rule identification number.

Rule position

Position of the destination NAT rule.

From routing instance

Name of the routing instance from which the packets flow.

From interface

Name of the interface from which the packets flow.

From zone

Name of the zone from which the packets flow.

Source addresses

Name of the source addresses that match the rule. The default value is any.

Destination addresses

Name of the destination addresses that match the rule. The default value is any.

Action

The action taken when a packet matches the rule’s tuples. Actions include the following:

  • destination NAT pool—Use user-defined destination NAT pool to perform destination NAT.

  • off—Do not perform destination NAT.

Destination ports

Destination ports number that match the rule. The default value is any.

Application

Indicates whether the application option is configured.

Translation hits

Number of translation hits.

Successful sessions

Number of successful session installations after the NAT rule is matched.

Failed sessions

Number of unsuccessful session installations after the NAT rule is matched.

Number of sessions

Number of sessions that reference the specified rule.

Sample Output

show security nat destination rule namelength-is-now-changed-upto-63-characterslength

Sample Output

show security nat destination rule all

show security nat destination rule all tenant

Release Information

Command introduced in Junos OS Release 9.2. The Description output field added in Junos OS Release 12.1.

Support for IPv6 logical systems and the Successful sessions, Failed sessions and Number of sessions output fields added in Junos OS Release 12.1X45-D10.

Output for multiple destination ports and the application option field added in Junos OS Release 12.1X47-D10.

The tenant option is introduced in Junos OS Release 18.3R1.

Related Documentation