SRX NAT issue during migration

L3 Networker

SRX NAT issue during migration

Hello Community,

we are using MT 3.3.15 to migrate from Juniper SRX 11.4 to Panorama with PAN OS 7.1.11.

We have an issue with security and NAT rules. After the merge some NAT rules reports the correct source and destination zones but there are a lot of rules with source zone "Any".

On the Security rules, a lot of rule was migrated properly like inbound NAT appears SRC Zone:Untrust DST Zone:Trust DST Address:PublicIP, but some rules appears as SRC Zone:Untrust DST Zone:Trust DST Address:PrivateIP.

It seems the two issues are related. If the problem appear on the NAT rule we have the issue on the Security rule.


Do you have any suggestion?


At the moment we have like 250 of 980 rules wrong.

Thanks in advance.


Tags (2)
L2 Linker

Re: SRX NAT issue during migration

Could you parse the SRX config of an example NAT rule that was done correctly and an example of one that was incorrectly? Is it not by any chance always failing at the same type of NAT'ing?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!