rule-set (Security Source NAT)
Syntax
rule-set rule-set-name {
    description text;
    from {
        interface [interface-name];
        routing-group [routing-group-name];
        routing-instance [routing-instance-name];
        zone [zone-name];
    }
    rule rule-name {
        description text;
        match {
            application {
                [application];
                any;
            }
            (destination-address <ip-address> | destination-address-name <address-name>);
            destination-port (port-or-low <to high>);
            protocol [protocol-name-or-number];
            source-address [ip-address];
            source-address-name [address-name];
            source-port (port-or-low <to high>);
        }
        then {
            source-nat {
                interface {
                    persistent-nat {
                        address-mapping;
                        inactivity-timeout seconds;
                        max-session-number value;
                        permit (any-remote-host | target-host | target-host-port);
                    }
                }
                off;
                pool <pool-name> {
                    persistent-nat {
                        address-mapping;
                        inactivity-timeout seconds;
                        max-session-number number;
                        permit (any-remote-host | target-host | target-host-port);
                    }
                }
                rule-session-count-alarm (raise-threshold value | clear-threshold value);
            }
        }
    }
    to {
        interface [interface-name];
        routing-group [routing-group-name];
        routing-instance [routing-instance-name];
        zone [zone-name];
    }
}
Hierarchy Level
[edit security nat source]
Description
Configure a set of rules for source NAT.
If zones are not configured under the rule set and active source NAT is configured without the mandatory from statement, the configuration check-out fails and the following message is displayed at commit: “Missing mandatory statement: 'from' error: configuration check-out failed”.
Starting from 19.3R3, the number of external node connections for one persistent NAT binding is updated from 8 to 32.
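The following rule set is an added example, not taken from the Juniper documentation, showing the mandatory from statement together with interface-based persistent NAT. The rule-set and rule names, zone names, address prefix and timer values are constructed for illustration.

```junos
security {
    nat {
        source {
            rule-set trust-to-untrust {
                description "Example: source NAT for the internal subnet";
                /* Mandatory: committing without "from" produces the
                   "Missing mandatory statement: 'from'" error. */
                from zone trust;
                to zone untrust;
                rule internal-hosts {
                    description "Translate internal hosts to the egress interface address";
                    match {
                        source-address 10.1.1.0/24;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface {
                                persistent-nat {
                                    /* Only the external host and port the internal
                                       host already contacted may reach the binding.
                                       any-remote-host is the widest permit option. */
                                    permit target-host-port;
                                    inactivity-timeout 300;
                                    max-session-number 30;
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}
```

Choosing target-host-port over any-remote-host limits which external hosts can initiate sessions toward the persistent binding.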
Options
rule-set-name | Name of the rule set.
description | Description of the rule set.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement modified in Junos OS Release 9.6. The description option added in Junos OS Release 12.1. Statement modified in Junos OS Release 12.1X45-D10.
Statement modified in Junos OS Release 12.1X47-D10.
The routing-group option is added in Junos OS Release 22.2R1.