[j-nsp] order of operations for NAT & zone policy enforcement / SRX
pkc_mls
pkc_mls at yahoo.fr
Fri Jul 6 10:39:40 EDT 2012
Le 06/07/2012 3:56, Chris Hellberg a écrit :
> The order is: screen options -> D-NAT -> route lookup -> policy -> S-NAT -> others.
>
> /chris
> ---
This order implies that you must systematically use real IP addresses in
your security policies, even if there is NAT involved; (this is a main
difference with ScreenOS for those who are familiar with ScreenOS NAT).
More information about the juniper-nsp
mailing list