Hello
Maybe someone can help with my problem. I have an SRX cluster with a firewall filter rule on the engress interface.
Also, I have one subnet, 192.168.2.0/24, behind the SRX, and there was source NAT for internet access. It was working until I added the firewall filter.
I can't find any instructions or examples for allowing source NAT through a firewall filter. Have you got any idea?
Filter example
term icmp-request-reply {
    from {
        protocol icmp;
    }
    then {
        packet-mode;
        accept;
    }
}
term well-known-ports {
    from {
        protocol tcp;
        destination-port [ 8443 http https 444 ];
    }
    then {
        packet-mode;
        accept;
    }
}
term well-known-ports-reply {
    from {
        protocol tcp;
        source-port [ 8443 http https 444 ];
    }
    then {
        packet-mode;
        accept;
    }
}
term service-ike {
    from {
        protocol udp;
        port 500;
    }
    then accept;
}
term service-esp {
    from {
        protocol esp;
    }
    then accept;
}
Source NAT
source {
    rule-set KE-internet {
        from zone Extern;
        to zone untrust;
        rule KE-1 {
            match {
                source-address-name KE;
                destination-address 0.0.0.0/0;
            }
            then {
                source-nat {
                    interface;
                }
            }
        }
    }
}