Juniper SRX devices don’t have a separate command to see NAT translations. However, all information can be taken from “show security flow session” output, as shown in the cheat sheet below:
Juniper SRX devices don’t have a separate command to see NAT translations. However, all information can be taken from “show security flow session” output, as shown in the cheat sheet below:
Sorry I’m confused by the “\” and “/” uses?
Also Cisco handily have something called Stateful Network Address Translation (SNAT) – just to confuse a little bit – but I’m being pedantic 🙂
https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-software-releases-12-2-t/prod_white_paper0900aecd8052870b.html
LikeLike
Hi
The slashes are just showing the diagonal – look from top-left to bottom-right (\) for SNAT, top-right to bottom-left (/) for DNAT.
If you want NAT session synchronization for SRX devices, there’s a chassis cluster.
LikeLike
Thanks for the explanation – so its a arrow this way / or this \ but without a point or points 🙂
No I didn’t want NAT sync on SRX but just wnated to point out that a Cisco guy or gal may talk about SNAT and not mean Source NAT.
A good little cheat sheet – thanks for posting
LikeLike
I implemented those CLI commands on SRX devices long back, good to see people have made cheat sheets out of them 🙂
LikeLike
Hi Harshit,
You work is very much appreciated! And your comment as well.
Btw – do you know why the forward and reverse flows were called “In” and “Out”? I was trying to understand that naming for years 🙂
– PK
LikeLike
Its been a while, IIRC they are incoming and outgoing flows with respect to the firewall device
LikeLike
Thanks – you helped building a solid system anyway!
LikeLike