Migrate configuration Juniper Firewall to Sangfor NGAF

DenyFirmansyah Lv1Posted 16 Oct 2022 18:45

Hello Everyone,

I have a question for migrate NAT configuration Juniper SRX (Firewall) to Sangfor NGAF. How to replace for zone Juniper? example the zone in this case are called "Internet" and "DC-A"). Because in Sangfor NGAF the zone just for binding to the interfaces.

this the example configuration of Juniper SRX (Firewall):
nat {
        source {
            pool public-out-dns-server-4 {
                address {
                    103.x.x.x/32;
                }
            }

rule-set rs-DA {
                from zone DC-A ;
                to zone internet;
                rule DNS-4-source-nat-rule {
                    match {
                        source-address 10.252.252.4/32;
                    }
                    then {
                        source-nat {
                            pool {
                                public-out-dns-server-4;
                            }
                        }
                    }
                }
                               
                               

       
                               
                               
zones {
        security-zone internet {
            address-book {
                address openlib-1-svr 202.x.x.x/32;
                address io-svr 119.x.x.x/32;
                address simtu-svr 118.x.x.x/32;
                                }
            screen untrust-screen;
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                irb.3;
            }
        }
                               
               
                security-zone DC-A  {
            address-book {
                address dashborad-svr 10.252.252.17/32;
                address dns00-svr 10.252.252.4/32;
                address dns01-svr 10.252.252.5/32;
                address idea-svr 10.252.252.30/32;
                address idea-web2-svr 10.252.252.31/32;
                address idea-web1-svr 10.252.252.32/32;
                address pjj-svr 10.252.252.34/32;
                address hosting-svr 10.252.252.98/32;
                                }
            screen DC-A-screen;
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                lo0.0;
                ae0.0;
                ae1.0;
            }
        }

rivsy has solved this question and earned 10 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

Last edited by rivsy 17 Oct 2022 12:41.

Can I ask the type of configuration and policy you currently use in your Juniper setup?
You can use the Wizard if your configuration is just a basic config
Is this answer helpful?
rivsy Lv5Posted 16 Oct 2022 23:16
  
Last edited by rivsy 17 Oct 2022 12:41.

Can I ask the type of configuration and policy you currently use in your Juniper setup?
You can use the Wizard if your configuration is just a basic config
jetjetd Lv5Posted 17 Oct 2022 01:58
  
it would be easier if you will do it in Juniper's GUI.
Faisal P Lv8Posted 17 Oct 2022 10:51
  
Click the Launch NAT Wizard button. Follow the wizard prompts. The upper-left area of the wizard page shows where you are in the configuration process.
Luih Miranda Lv3Posted 17 Oct 2022 12:46
  
You can use the Wizard if your configuration is just a basic one.
Kyze Guti Lv2Posted 17 Oct 2022 13:08
  
If your setting is simply a basic configuration, you can use the Wizard.
JhayR Lv2Posted 17 Oct 2022 13:09
  
If you have a simple configuration, you can use the Wizard.
Vhee012 Lv3Posted 17 Oct 2022 13:27
  
You can use the Wizard If your setting is simply a basic configuration
Shery025 Lv3Posted 17 Oct 2022 13:34
  
You can use the Wizard if your configuration is just a basic configuration
RegiBoy Lv5Posted 17 Oct 2022 13:49
  
Just use GUI. Its the same as configuring the CLI.

I Can Help:

Change

Moderator on This Board

11
5
4

Started Topics

Followers

Follow

1
2
5

Started Topics

Followers

Follow

0
3
4

Started Topics

Followers

Follow

67
19
3

Started Topics

Followers

Follow

3
10
3

Started Topics

Followers

Follow

1
137
3

Started Topics

Followers

Follow

Board Leaders