Wednesday, September 13, 2017

Juniper NAT configuration sample


A simple one-to-one NAT configuration sample. Edit, copy, paste, and enjoy.




set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust-airtel
set security nat source rule-set trust-to-untrust to zone untrust-mtnl
set security nat source rule-set trust-to-untrust rule source-nat-off match destination-address 1.1.23.206/32
set security nat source rule-set trust-to-untrust rule source-nat-off then source-nat off
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
set security nat destination pool pool1 address 172.168.100.152/32
set security nat destination pool pool2 address 172.168.100.19/32
set security nat destination pool pool3 address 172.168.100.74/32
set security nat destination pool pool4 address 172.168.100.47/32
set security nat destination pool pool5 address 172.168.100.220/32
set security nat destination pool pool6 address 172.168.100.221/32
set security nat destination pool pool7 address 172.168.100.222/32
set security nat destination pool pool8 address 172.168.100.223/32
set security nat destination pool pool9 address 172.168.100.224/32
set security nat destination pool pool10 address 172.168.100.225/32
set security nat destination rule-set Dst-Nat-Rule from zone untrust-airtel
set security nat destination rule-set Dst-Nat-Rule rule r1 match destination-address 1.1.23.206/32
set security nat destination rule-set Dst-Nat-Rule rule r1 match destination-port 1433
set security nat destination rule-set Dst-Nat-Rule rule r1 then destination-nat pool pool1
set security nat destination rule-set Dst-Nat-Rule rule r2 match destination-address 1.1.23.206/32
set security nat destination rule-set Dst-Nat-Rule rule r2 match destination-port 491
set security nat destination rule-set Dst-Nat-Rule rule r2 then destination-nat pool pool1
set security nat destination rule-set Dst-Nat-Rule rule r3 match destination-address 1.1.23.206/32
set security nat destination rule-set Dst-Nat-Rule rule r3 match destination-port 80
set security nat destination rule-set Dst-Nat-Rule rule r3 then destination-nat pool pool1
set security nat destination rule-set Dst-Nat-Rule rule r4 match destination-address 1.1.23.206/32
set security nat destination rule-set Dst-Nat-Rule rule r4 match destination-port 88
set security nat destination rule-set Dst-Nat-Rule rule r4 then destination-nat pool pool2
set security nat destination rule-set Dst-Nat-Rule rule r5 match destination-address 1.1.23.206/32
set security nat destination rule-set Dst-Nat-Rule rule r5 match destination-port 3389
set security nat destination rule-set Dst-Nat-Rule rule r5 then destination-nat pool pool4
set security nat destination rule-set Dst-Nat-Rule rule r6 match destination-address 1.1.23.217/32
set security nat destination rule-set Dst-Nat-Rule rule r6 match destination-port 3389
set security nat destination rule-set Dst-Nat-Rule rule r6 then destination-nat pool pool5
set security nat destination rule-set Dst-Nat-Rule rule r7 match destination-address 1.1.23.219/32
set security nat destination rule-set Dst-Nat-Rule rule r7 match destination-port 3389
set security nat destination rule-set Dst-Nat-Rule rule r7 then destination-nat pool pool7
set security nat destination rule-set Dst-Nat-Rule rule r8 match destination-address 1.1.23.220/32
set security nat destination rule-set Dst-Nat-Rule rule r8 match destination-port 3389
set security nat destination rule-set Dst-Nat-Rule rule r8 then destination-nat pool pool8
set security nat destination rule-set Dst-Nat-Rule rule r9 match destination-address 1.1.23.221/32
set security nat destination rule-set Dst-Nat-Rule rule r9 match destination-port 3389
set security nat destination rule-set Dst-Nat-Rule rule r9 then destination-nat pool pool9
set security nat destination rule-set Dst-Nat-Rule rule r10 match destination-address 1.1.23.222/32
set security nat destination rule-set Dst-Nat-Rule rule r10 match destination-port 3389
set security nat destination rule-set Dst-Nat-Rule rule r10 then destination-nat pool pool10
set security nat proxy-arp interface fe-0/0/0.0 address 1.1.23.218/32
set security nat proxy-arp interface fe-0/0/0.0 address 1.1.23.217/32
set security nat proxy-arp interface fe-0/0/0.0 address 1.1.23.219/32
set security nat proxy-arp interface fe-0/0/0.0 address 1.1.23.220/32
set security nat proxy-arp interface fe-0/0/0.0 address 1.1.23.221/32
set security nat proxy-arp interface fe-0/0/0.0 address 1.1.23.222/32
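
Before pasting a rule set like this onto a device, it helps to list what it publishes to the untrust zone. The following is an added example, not part of the original post: a small Python audit over a constructed subset of the set commands above that reports each forwarded port, pools no rule uses, and proxy-arp addresses with no matching rule. The `audit` function and the `SENSITIVE_PORTS` watch list are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the set commands from the configuration above.
SAMPLE = """\
set security nat destination pool pool1 address 172.168.100.152/32
set security nat destination pool pool3 address 172.168.100.74/32
set security nat destination pool pool5 address 172.168.100.220/32
set security nat destination rule-set Dst-Nat-Rule from zone untrust-airtel
set security nat destination rule-set Dst-Nat-Rule rule r1 match destination-address 1.1.23.206/32
set security nat destination rule-set Dst-Nat-Rule rule r1 match destination-port 1433
set security nat destination rule-set Dst-Nat-Rule rule r1 then destination-nat pool pool1
set security nat destination rule-set Dst-Nat-Rule rule r6 match destination-address 1.1.23.217/32
set security nat destination rule-set Dst-Nat-Rule rule r6 match destination-port 3389
set security nat destination rule-set Dst-Nat-Rule rule r6 then destination-nat pool pool5
set security nat proxy-arp interface fe-0/0/0.0 address 1.1.23.217/32
set security nat proxy-arp interface fe-0/0/0.0 address 1.1.23.218/32
"""

# Assumption: the reviewer's own list of services that should not face the internet.
SENSITIVE_PORTS = {1433: "MSSQL", 3389: "RDP"}

POOL = re.compile(r"^set security nat destination pool (\S+) address (\S+)")
RULE = re.compile(r"^set security nat destination rule-set (\S+) rule (\S+) "
                  r"(?:match (destination-address|destination-port)"
                  r"|then destination-nat (pool)) (\S+)")
ARP = re.compile(r"^set security nat proxy-arp interface \S+ address (\S+)")

def audit(config):
    """Summarise destination NAT exposure from Junos 'set' commands."""
    pools, rules, arp = {}, defaultdict(dict), set()
    for line in map(str.strip, config.splitlines()):
        if m := POOL.match(line):
            pools[m.group(1)] = m.group(2)
        elif m := RULE.match(line):
            # Key each rule by (rule-set, rule name); store its match/then fields.
            rules[(m.group(1), m.group(2))][m.group(3) or m.group(4)] = m.group(5)
        elif m := ARP.match(line):
            arp.add(m.group(1))
    exposed = []
    for (_, name), r in rules.items():
        port = int(r["destination-port"]) if "destination-port" in r else None
        exposed.append((name, r.get("destination-address"), port,
                        pools.get(r.get("pool")), SENSITIVE_PORTS.get(port)))
    used = {r.get("pool") for r in rules.values()}
    public = {r.get("destination-address") for r in rules.values()}
    return {"exposed": exposed,
            "unused_pools": sorted(set(pools) - used),
            "arp_without_rule": sorted(arp - public)}
```

Each tuple in `exposed` is (rule, public address, port, internal address, service label); a non-empty label marks a forward that deserves a matching source restriction in the security policy.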
