Hi,
I'm currently working on an SRX340 and trying to configure it as follows, using a static NAT configuration:
10.65.144.65 (untrust area) <--> 10.65.144.66 ge0/0/0.0 | SRX340 | ge0/0/1.0 192.168.235.239 <--> 192.168.235.217 (trust area)
| | ge0/0/2.0 192.168.240.242 <--> 192.168.240.217 (trust area)
I have defined security zones and allowed ping, but when I try to ping the interfaces from a zone, none of them responds.
I assume I have missed something obvious, as I am a newbie in firewall configuration, so if someone can advise me how to fix it, my configuration is below:
Thanks for the hand!
-----------------------------------------
security {
# Security logging settings: event mode plus the on-box `report` option.
# NOTE(review): no log destination is visible in this excerpt - confirm where
# session/deny logs end up, since they are the first place to look when
# traffic is silently dropped.
log {
mode event;
report;
}
# Static NAT: two rule-sets, one bound to the untrust-side interface and one
# bound to the two trust-side interfaces.
# NOTE(review): Junos static NAT is bidirectional (the reverse translation is
# created implicitly), so a separate reverse rule-set is normally unnecessary -
# confirm what each rule-set is meant to achieve.
nat {
static {
# Applies to packets arriving on ge-0/0/0.0.
rule-set Untrust2Trust1 {
from interface ge-0/0/0.0;
rule Untrust2Trust1 {
match {
# NOTE(review): a host address written with a /24 mask. Static NAT maps the
# matched prefix one-to-one onto the translated prefix, so /24 covers the
# whole subnet; a single-host mapping would use /32 on both sides.
destination-address 192.168.235.217/24;
}
then {
static-nat {
prefix {
# NOTE(review): 192.168.235.239 is the address configured on ge-0/0/1 unit 0
# further down in this post, i.e. the firewall's own interface address rather
# than a host behind it - verify the match/translate pair is the right way round.
192.168.235.239/24;
}
}
}
}
rule Untrust2Trust2 {
match {
# NOTE(review): opposite orientation to rule Untrust2Trust1 - here the match
# is the address the post's diagram assigns to ge0/0/2.0 and the translated
# prefix is the trust-side host. The two rules are inconsistent; confirm which
# orientation is intended.
destination-address 192.168.240.242/24;
}
then {
static-nat {
prefix {
192.168.240.217/24;
}
}
}
}
}
# Applies to packets arriving on either trust-side interface.
rule-set Trust2Untrust {
from interface [ ge-0/0/1.0 ge-0/0/2.0 ];
rule Trust2Untrust {
match {
# Matches the untrust-side peer from the post's diagram (again with a /24 mask).
destination-address 10.65.144.65/24;
}
then {
static-nat {
prefix {
# NOTE(review): 10.65.144.66 is the address configured on ge-0/0/0 unit 0 in
# this post, so this translates traffic for the untrust peer onto the
# firewall's own address - verify this is intended.
10.65.144.66/24;
}
}
}
}
}
}
}
# Empty stanza: no security policy is defined. With nothing configured here the
# SRX default policy denies transit traffic between zones, so NAT-translated
# flows are dropped even when a NAT rule matches. Pings addressed to the
# firewall's own interfaces are governed by host-inbound-traffic in the zones,
# not by these policies. When adding policies, permit only the specific
# source/destination/application combinations required.
policies;
zones {
# Trust zone: irb.0, ge-0/0/1.0 and ge-0/0/2.0.
security-zone trust {
# Zone-level default: every system service and protocol destined to the
# device itself is accepted on interfaces of this zone.
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
irb.0;
# Per-interface host-inbound-traffic takes precedence over the zone-level
# stanza above for that interface.
ge-0/0/1.0 {
host-inbound-traffic {
system-services {
# `all` already covers ping, snmp, ftp and telnet, so the explicit entries
# are redundant. NOTE(review): telnet and ftp are cleartext management
# protocols; prefer listing only the services actually needed (e.g. ping, ssh)
# instead of `all`.
ping;
all;
snmp;
ftp;
telnet;
}
protocols {
all;
}
}
}
# NOTE(review): the interfaces stanza posted below is cut off before any
# ge-0/0/2 definition; confirm that ge-0/0/2 unit 0 exists with a family inet
# address, otherwise nothing will answer ping on it regardless of this zone config.
ge-0/0/2.0 {
host-inbound-traffic {
system-services {
ping;
all;
telnet;
ftp;
snmp;
}
protocols {
all;
}
}
}
}
}
security-zone untrust {
# Zone-level host-inbound-traffic for the untrust zone.
# NOTE(review): `all` system-services and `all` protocols lets the untrusted
# side reach every management service and routing protocol the device runs.
# Acceptable only as a short-lived lab debugging step; restrict this to the
# minimum needed (for example `ping` alone) before the device faces a real
# untrusted network.
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
# Untrust-side interface. A per-interface host-inbound-traffic stanza takes
# precedence over the zone-level one, so tightening the zone default alone
# would not restrict this interface.
# NOTE(review): `all` here exposes every device service and protocol on the
# untrust-facing interface; list only the services that must be reachable.
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
-----------------------------------
interfaces {
# Untrust-side port: 10.65.144.66/24 (same address used as the translated
# prefix in NAT rule Trust2Untrust).
ge-0/0/0 {
unit 0 {
family inet {
address 10.65.144.66/24;
}
}
}
# Trust-side port: 192.168.235.239/24 (same address used as the translated
# prefix in NAT rule Untrust2Trust1).
# NOTE(review): the posted excerpt ends after this interface; ge-0/0/2 and irb,
# both referenced by the trust zone, are not shown - confirm they are configured.
ge-0/0/1 {
unit 0 {
family inet {
address 192.168.235.239/24;
}
}
}