show security nat static rule
Syntax
show security nat static rule rule-name all logical-system (logical-system-name ) root-logical-system tenant (tenant-name )
Description
Display information about the specified static Network Address Translation (NAT) rule. Traffic directions allows you to specify from interface, from zone, or from routing-instance and packet information can be source addresses and ports, and destination addresses and ports.
Options
| rule-name | Name of the rule. |
| all | Display information about all the static NAT rules. |
| logical-system | Display
information about the static NAT rules for a specified logical system.
Specify |
| root-logical-system | Display information about the static NAT rules for the primary (root) logical system. |
| tenant | Display information
about the static NAT rules for a specified tenant system. Specify |
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show security nat static rule command. Output fields are listed in the approximate order in which they appear.
Field Name |
Field Description |
|---|---|
Static NAT rule |
Name of the static NAT rule. |
Total referenced IPv4/IPv6 ip-prefixes |
Number of IP prefixes referenced in source, destination, and static NAT rules. This total includes the IP prefixes configured directly, as address names, and as address set names in the rule. |
Rule-set |
Name of the rule set. Currently, you can configure 8 rules within the same rule set. |
Description |
Description of the static NAT rule. |
Rule-Id |
Rule identification number. |
Rule position |
Position of the rule that indicates the order in which it applies to traffic. |
From interface |
Name of the interface from which the packets flow. |
From routing instance |
Name of the routing instance from which the packets flow. |
From zone |
Name of the zone from which the packets flow. |
Destination addresses |
Name of the destination addresses that match the rule. |
Destination NPTv6 addr |
Destination address that matches the rule. |
Source addresses |
Name of the source addresses that match the rule. |
Host addresses |
Name of the host addresses that match the rule. |
Netmask |
Subnet IP address. |
Destination NPTv6 Netmask |
Subnet IPv6 address. |
Host routing-instance |
Name of the host routing instance. |
Destination port |
Destination port numbers that match the rule. The default value is any. |
Source port |
Source port numbers that match the rule. |
Total static-nat rules |
Number of static NAT rules. |
Translation hits |
Number of times a translation in the translation table is used for a static NAT rule. |
Successful sessions |
Number of successful session installations after the NAT rule is matched. |
Failed sessions |
Number of unsuccessful session installations after the NAT rule is matched. |
Number of sessions |
Number of sessions that reference the specified rule. |
Sample Output
show security nat static rule
user@host> show security nat static rule namelength-is-now-changed-upto-63-characterslength Static NAT rule: namelength-is-now-changed-upto-63-characterslength Rule-set: namelength-is-now-changed-upto-63-characterslength Description : The static rule sta-r2 is for the sales team Rule-Id : 1 Rule position : 1 From zone : zone9 Destination addresses : add3 Host addresses : add4 Netmask : 24 Host routing-instance : N/A Translation hits : 2 Successful sessions : 2 Failed sessions : 0 Number of sessions : 2
Sample Output
show security nat static rule all tenant namelength-is-now-changed-upto-63-characterslength
user@host> show security nat static rule all tenant namelength-is-now-changed-upto-63-characterslength
Total static-nat rules: 1
Total referenced IPv4/IPv6 ip-prefixes: 2/0
Static NAT rule: namelength-is-now-changed-upto-63-characterslength Rule-set: from_zone
Rule-Id : 1
Rule position : 1
From zone : untrust
Source addresses : 192.0.2.0 - 192.0.2.255
Destination addresses : 203.0.113.203
Host addresses : 192.168.1.203
Netmask : 32
Host routing-instance : N/A
Translation hits : 0
Successful sessions : 0
Failed sessions : 0
Number of sessions : 0
Sample Output
show security nat static rule (IPv6)
user@host> show security nat static rule namelength-is-now-changed-upto-63-characterslength
Static NAT rule: namelength-is-now-changed-upto-63-characterslength Rule-set: namelength-is-now-changed-upto-63-characterslength
Rule-Id : 1
Rule position : 1
From zone : trust
Destination NPTv6 addr : 2001:db8::
Destination NPTv6 Netmask : 48
Host addresses : 2001:db8::3000
Netmask : 48
Host routing-instance : N/A
Translation hits : 0
Successful sessions : 0
Failed sessions : 0
Number of sessions : 0
Sample Output
show security nat static rule all (SRX Series Firewalls)
user@host> show security nat static rule all
Total static-nat rules: 1
Total referenced IPv4/IPv6 ip-prefixes: 2/0
Static NAT rule: static_rule_length_can_be_configured_upto_63_characters_lengthh
Rule set : static_rule-set_length_can_be_configured_upto_63_characters_len
Rule Id : 1
Rule position : 1
From zone : trust
Destination addresses : 198.51.100.0
Host addresses : 203.0.113.0
Netmask : 32
Host routing-instance : N/A
Translation hits : 0
Successful sessions : 0
Number of sessions : 0
show services nat static rule (MX-SPC3)
user@host> show services nat static rule
Total static-nat rules: 1
Total referenced IPv4/IPv6 ip-prefixes: 1/1
Interface: vms-4/0/0 , Service set: ss5
Static NAT rule: NAT_RULE12_WEB-MX-SPC3NAT_WEB_MX_SPC3NAT_web-mx--spc3_NAT-RULE
Rule set : NAT_RULE-SET12_WEB-MX-SPC3NAT_WEB_MX_SPC3NAT_web-mx--spc3_RSET
Rule Id : 1
Rule position : 1
From zone : ss5-ZoneIn
Destination addresses : 198.51.100.7
Host addresses : 400::
Netmask : 24
Host routing-instance : N/A
Translation hits : 1
Successful sessions : 1
Failed sessions : 0
Number of sessions : 0
Release Information
Command introduced in Junos OS Release 9.3.
The Description output field added in Junos OS Release 12.1.
Support for IPv6
logical systems and the Successful sessions, Failed
sessions, Number of sessions, Source addresses and Source ports output fields added in Junos OS Release
12.1X45-D10.
The Destination
NPTv6 addr and Destination NPTv6 Netmask output fields
added in Junos OS Release 12.3X48-D25.
The tenant option is introduced in Junos OS Release 18.3R1.