Disabling NAT on Juniper firewall



  • Hi,

    I have a network setup where a Juniper SRX240 is secondary firewall, as below:

    LAN - Juniper - Cisco Firewall - Internet

    Juniper firewall's LAN side is 192.168.100.0 /24
    Juniper WAN side is 172.16.3.0 /24

    Cisco firewall's LAN side is on the same subnet as the Juniper, 172.16.3.0 /24
    Cisco WAN side is 202.82.24.65

    My requirement is that traffic starting from the LAN network should go through the Juniper firewall with the following requirements:

    1. Local LAN traffic should not be NAT'd on the Juniper firewall
    2. Apply rules on the Juniper LAN and WAN side for allowing on specific services
       Like: inbound - ftp service on one LAN server
             outbound - sftp service from one LAN server

    Please help me on how to achieve this. I am new to Juniper.

    Thanks.



  • Hi!

    1: SRX won't do NAT automatically. So if you don't configure anything under security=>nat you are safe 😃

    2: You need to create security zones and the policies. One zone for the WAN interface (untrust) and one for the LAN (trust). You can find instructions to create these at http://www.juniper.net/techpubs/en_US/junos10.4/information-products/topic-collections/security/software-all/security/index.html?topic-41210.html
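
The zone and policy setup described in the reply above, written out as Junos `set` commands. This is an added example, not part of the original posts: the interface names (`ge-0/0/0`, `ge-0/0/1`), the two server addresses and the policy and address names are assumptions chosen for illustration.

```junos
# Added example. Assumed: ge-0/0/0 faces the LAN (192.168.100.0/24),
# ge-0/0/1 faces the Cisco firewall (172.16.3.0/24).
set security zones security-zone trust interfaces ge-0/0/0.0
set security zones security-zone untrust interfaces ge-0/0/1.0

# Address-book entries for the two LAN servers (constructed addresses).
set security zones security-zone trust address-book address ftp-server 192.168.100.10/32
set security zones security-zone trust address-book address sftp-client 192.168.100.20/32

# Inbound: FTP to the one LAN server only. junos-ftp is the predefined
# application and also handles the FTP data channel.
set security policies from-zone untrust to-zone trust policy allow-ftp-in match source-address any
set security policies from-zone untrust to-zone trust policy allow-ftp-in match destination-address ftp-server
set security policies from-zone untrust to-zone trust policy allow-ftp-in match application junos-ftp
set security policies from-zone untrust to-zone trust policy allow-ftp-in then permit
set security policies from-zone untrust to-zone trust policy allow-ftp-in then log session-close

# Outbound: SFTP runs over SSH (tcp/22), so junos-ssh covers it.
set security policies from-zone trust to-zone untrust policy allow-sftp-out match source-address sftp-client
set security policies from-zone trust to-zone untrust policy allow-sftp-out match destination-address any
set security policies from-zone trust to-zone untrust policy allow-sftp-out match application junos-ssh
set security policies from-zone trust to-zone untrust policy allow-sftp-out then permit
set security policies from-zone trust to-zone untrust policy allow-sftp-out then log session-close

# Anything not matched above is dropped.
set security policies default-policy deny-all

# No "set security nat ..." statements are configured, so packets leave
# with their 192.168.100.x source address. The Cisco firewall therefore
# needs a route for 192.168.100.0/24 pointing at the Juniper's 172.16.3.x
# address, or return traffic will not come back.
#
# Operational-mode checks after commit:
#   show security nat source rule all   (should list no rules)
#   show security policies
#   show security flow session
```

The NAT check is worth running even when nothing was added under `security nat`, since a configuration the device started from may already contain a source NAT rule-set.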


 
