[j-nsp] SRX NAT rule component limit

Network Geek network.nerdd at gmail.com
Thu Jun 22 12:19:04 EDT 2017 

Hi,

In this particular case, the sources are not located in the same location
hence their IP address is not adjacent to each other hence summarization is
not an option unfortunately.

I am a bit surprised if Juniper has not worked on this very limited
capacity yet even after quite some time, reason why I come to you guys to
confirm. Unfortunately I can't test it myself on my production devices
until my change window.

Appreciate if those who know could pop up and clear my doubt hence help me
save my time.

Thanks

On 21 Jun 2017 11:35 p.m., "Mike Azevedo" <mike.azevedo at enfopoint.com>
wrote:

> I haven't tested this so I didn't respond to the group.  I believe the
> limit still exists.  However, you can summarize and do 8 supernets or
> ranges in your NAT statements.  If you just have tons of discontiguous
> addresses you would need multiple rules within the rule-set where each rule
> has the 8 addresses or address ranges / summaries.
>
> thx
> mike
> enfopoint
>
> On Wed, Jun 21, 2017 at 12:19 AM, Network Geek <network.nerdd at gmail.com>
> wrote:
>
>> Hi guys,
>>
>> Nice to join this amazing group. This is my first posting where I'd like
>> to
>> seek for help on information about SRX NAT rule.
>>
>> I know from the past on SRX3600 that when I created NAT rule, I could only
>> have 8 source-address at maximum. Same for the destination-address.
>>
>> I have tried to Google about this limitation for Junos12.1X46-D40.2 for
>> SRX1400 ... and for Junos15.1X49-D60.7 for SRX1500 to no avail.
>> So far when I create NAT rule, I limit the source and destination
>> addresses
>> to 8 lines respectively. But I currently have a requirement for which I
>> have tons of sources. If the limit is now bigger for the above versions,
>> I'd like to maximise each of my NAT rules.
>>
>> So appreciate if anyone can confirm how many sources I can have on NAT
>> rule
>> for the above versions of Junos.
>>
>> Cheers
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>

More information about the juniper-nsp mailing list