[AusNOG] security policies on a juniper srx110
Luca Salvatore
Luca at ninefold.com
Tue Oct 16 13:26:04 EST 2012
Have you set up some traceoptions? They will show you what's going on. Something like:
set security flow traceoptions file flow-trace
set security flow traceoptions flag basic-datapath
set security flow traceoptions packet-filter 1 source-prefix x.x.x.x
set security flow traceoptions packet-filter 1 destination-prefix y.y.y.y
Make sure the address in the security policy matches the NATed address also....
Luca
-----Original Message-----
From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Peter Brown
Sent: Tuesday, 16 October 2012 1:14 PM
To: ausnog at lists.ausnog.net
Subject: [AusNOG] security policies on a juniper srx110
Hi everyone,
I am still having trouble getting destination nat and security policies working on my srx110.
I am reasonably sure the nat is working because I am seeing translation hits in the monitoring section of the web interface.
I am not seeing anything in the security policies however.
From all the documentation I have read I have the nat and policies set up correctly but I am obviously missing something.
Is there something else that sits between destination nat and policies that would stop the traffic from even hitting the security policies?
Thanks in advance.
Pete.
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
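
An added example, not part of the original thread, illustrating the reply's point about matching the NATed address: on the SRX, destination NAT is applied before the security policy lookup, so the policy's destination-address has to be the translated (internal) address. The zone names, rule names, and addresses (203.0.113.10 public, 192.168.1.10 internal) are constructed assumptions.

```junos
# Constructed values: 203.0.113.10 = public address, 192.168.1.10 = real server.
# Destination NAT: traffic arriving from untrust for the public address
# is rewritten to the internal server before the policy lookup happens.
set security nat destination pool web-pool address 192.168.1.10/32
set security nat destination rule-set from-untrust from zone untrust
set security nat destination rule-set from-untrust rule web match destination-address 203.0.113.10/32
set security nat destination rule-set from-untrust rule web then destination-nat pool web-pool

# Address-book entries in the destination zone (hypothetical names).
set security zones security-zone trust address-book address web-public 203.0.113.10/32
set security zones security-zone trust address-book address web-real 192.168.1.10/32

# Mismatch: a policy written against the pre-NAT (public) address.
# NAT translation hits increase, but this policy is never matched,
# because the packet already carries 192.168.1.10 at policy lookup.
# set security policies from-zone untrust to-zone trust policy allow-web match destination-address web-public

# Corrected: match the translated address, and keep the rule narrow
# (single host, single application) rather than using "any".
set security policies from-zone untrust to-zone trust policy allow-web match source-address any
set security policies from-zone untrust to-zone trust policy allow-web match destination-address web-real
set security policies from-zone untrust to-zone trust policy allow-web match application junos-http
set security policies from-zone untrust to-zone trust policy allow-web then permit
set security policies from-zone untrust to-zone trust policy allow-web then log session-init
```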