Cem Kemal Erbaş Cem Kemal Erbaş
Show
| Operation | Command |
|---|---|
| # show security nat # show security nat | display set | |
| show source nat | > show security nat source rule all > show security nat source pool all > show security nat source summary |
| show Static NAT (1:1) | > show security nat static rule all # run show security nat static rule all |
| show destination nat | > show security nat destination rule all > show security nat destination pool all > show security nat destination summary |
| Persistent NAT | > show security nat source persistent-nat-table summary > show security nat source persistent-nat-table all |
| > show security alg dns doctoring # run show security alg status | |
| Disabling DNS and DDNS Doctoring | # set security alg dns doctoring none |
| > show security flow session > show security flow session | no-more |
Yapılandırma;
Source NAT(1:N)
Server/Office –> Internet
Interface-based source NAT
set security nat source rule-set 1 from zone trust set security nat source rule-set 1 to zone untrust set security nat source rule-set 1 rule 1A match source-address 0.0.0.0/0 set security nat source rule-set 1 rule 1A then source-nat interface
Pool-based source NAT
set security nat source pool src_nat_pool_napt address 100.100.110.20/32 to 100.100.100.29/32 set security nat source rule-set src_nat_napt from zone trust set security nat source rule-set src_nat_napt to zone untrust set security nat source rule-set src_nat_napt rule napt_1 match source-address 192.168.1.0/24 set security nat source rule-set src_nat_napt rule napt_1 then source-nat pool src_nat_pool_napt set security nat proxy-arp interface ge-0/0/0.0 address 100.100.100.20/32 to 100.100.100.29/32
set security nat source pool src_nat_pool_napt address 100.100.110.20/32 to 100.100.100.29/32 set security nat source rule-set src_nat_napt rule snat_1 match source-address 192.168.10.5/32 set security nat source rule-set src_nat_napt rule snat_1 match source-address 192.168.11.5/32 set security nat source rule-set src_nat_napt rule snat_1 match destination-address 0.0.0.0/0 set security nat source rule-set src_nat_napt rule snat_1 then source-nat pool snat_pool_1 set security nat proxy-arp interface ge-0/0/0.0 address 100.100.100.20/32 to 100.100.100.29/32
Staic NAT(1:1)
Internet –> Server
set security nat static rule-set untrust_to_trust rule RULE-NAME1 match destination-address 203.xx.xx.xx/32 set security nat static rule-set untrust_to_trust rule RULE-NAME1 then static-nat prefix 192.168.0.10/32 set security nat proxy-arp interface vlan.XXX address 203.xx.xx.xx/32
Destination NAT
Server/Office –> Internet
1:1
Destination: 10.1.1.5 → 100.0.0.1
set security nat destination pool SVR_A address 10.1.1.5/32 set security nat destination rule-set 1 from zone untrust set security nat destination rule-set 1 rule 1A match destination-address 100.0.0.1/32 set security nat destination rule-set 1 rule 1A then destination-nat pool SVR_A
1:N
Destination : 100.0.0.1:80 → 10.1.1.5:80
Destination : 100.0.0.1:8080 → 10.1.1.6:80
set security nat destination pool SVR_A address 10.1.1.5/32 port 80 set security nat destination pool SVR_B address 10.1.1.6/32 port 80 set security nat destination rule-set 1 from zone untrust set security nat destination rule-set 1 rule 1A match destination-address 100.0.0.1/32 set security nat destination rule-set 1 rule 1A match destination-port 80 set security nat destination rule-set 1 rule 1A then destination-nat pool SVR_A set security nat destination rule-set 1 rule 1B match destination-address 100.0.0.1/32 set security nat destination rule-set 1 rule 1B match destination-port 8080 set security nat destination rule-set 1 rule 1B then destination-nat pool SVR_B
