Enabling GTP for Firewall Rules; Configuring Traffic Shaping in a Security Policy - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1 Administration Manual

Copyright © 2010, Juniper Networks, Inc.

Edit Destination NAT

You can configure security devices running ScreenOS 5.x and later to translate the
destination IP address. Enable Destination NAT and enter the destination IP address you
want to translate to.
Other destination NAT options include:

• Destination Port—Your security devices can perform one-to-one destination NAT
  without changing the destination port numbers. However, you can configure the device
  to map the original destination port number in the segment header to another port
  number.
  To enable destination port translation, select Destination Port and enter the port
  number you want to translate to.
  To use the original destination port number, leave the default of None.

• Upper IP Address—Your device can also translate the destination IP address to a range
  of IP addresses. Select the Upper IP Address and enter the upper IP address. The
  device uses an address shifting mechanism to maintain the relationships among the
  original range of destination addresses after translating them to the new range of
  addresses.
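
The address shifting described for Upper IP Address, as an added example that is not part of the Juniper guide: a Python model for checking which translated address and port a rule yields. It assumes shifting preserves each address's offset from the start of the original range; the function names and sample addresses are constructed, and returning None for an offset beyond the upper address is this model's choice, not documented device behavior.

```python
import ipaddress
from typing import List, Optional, Tuple

def _ip(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def translate(dst: str, dport: int, orig_first: str, orig_last: str,
              new_first: str, new_upper: Optional[str] = None,
              new_port: Optional[int] = None) -> Optional[Tuple[str, int]]:
    """Return (translated IP, translated port), or None if no mapping exists."""
    lo, hi, n_lo = _ip(orig_first), _ip(orig_last), _ip(new_first)
    if hi < lo:
        raise ValueError("original range is reversed")
    if not lo <= _ip(dst) <= hi:
        return None                      # packet does not match the rule's destination
    if new_upper is None:
        new_ip = n_lo                    # no Upper IP Address: single translated address
    else:
        n_hi = _ip(new_upper)
        if n_hi < n_lo:
            raise ValueError("Upper IP Address is below the translated address")
        new_ip = n_lo + (_ip(dst) - lo)  # assumed shifting rule: keep the offset
        if new_ip > n_hi:
            return None                  # model's choice: no slot in the new range
    port = dport if new_port is None else new_port  # None keeps the original port
    return str(ipaddress.IPv4Address(new_ip)), port

def unmapped(orig_first: str, orig_last: str,
             new_first: str, new_upper: str) -> List[str]:
    """Original destinations that have no slot in the translated range."""
    out = []
    for a in range(_ip(orig_first), _ip(orig_last) + 1):
        dst = str(ipaddress.IPv4Address(a))
        if translate(dst, 0, orig_first, orig_last, new_first, new_upper) is None:
            out.append(dst)
    return out

if __name__ == "__main__":
    # Constructed rule: four original destinations shifted onto four internal hosts.
    rule = ("192.0.2.8", "192.0.2.11", "10.2.1.8", "10.2.1.11")
    for last in range(8, 12):
        dst = f"192.0.2.{last}"
        print(dst, "->", translate(dst, 80, *rule, new_port=8080))
    # A translated range shorter than the original leaves destinations uncovered.
    print(unmapped("192.0.2.8", "192.0.2.11", "10.2.1.8", "10.2.1.9"))
```

Running `unmapped` against a planned rule before pushing it shows whether the upper address was entered too low for the original range.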

Using the Device Manager, you can also implement NAT on any device interface in any
zone except Untrust. For details, see NSM Online Help "Configuring Firewall/VPN Devices".

For J Series devices, you can configure a NAT for a policy rule as one of the following:

• An interface
• A pool of a specific device interface
• A PoolSet defined under the "source NAT" setting for a device (collection of IP ranges)

You cannot configure NAT settings for SRX Series gateways using Policy Manager. NAT
settings must be configured in the device for SRX Series gateways. However, if the device
is managed in central management mode, you can right-click the device and select Policy
> View Pending Device Policy to view all security policies that include NAT settings.

Enabling GTP for Firewall Rules

You can use a GTP object in a firewall rule to control how your security devices handle
GPRS traffic. To add a GTP object, you must have already configured the object in Object
Manager.

Configuring Traffic Shaping in a Security Policy

Traffic shaping enables you to control the amount of bandwidth that is available to the
matching network traffic in a rule. You can also set a priority that determines how the
security device handles the matching network traffic that exceeds the defined maximum
bandwidth. For security devices running ScreenOS 5.3 and later, you can also manage
the flow of traffic through the security device by limiting bandwidth at the point of ingress.
Chapter 9: Configuring Security Policies
