SRX Next-Gen Firewalls


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Welcome!

If you have a question or a use case, others have likely experienced or worked through the same thing. Don't hesitate to jump in and ask or share your knowledge!

Need additional guidance? Check out these Juniper Resources.

  • Juniper Threat Labs
  • SRX Upgrade Guide
  • Security Advisories
  • Technical Bulletins

Latest Discussion Posts

  • I usually use d-nat for inbound traffic and I've had situations where it would have been nice to have the d-nat pool entry be dynamic, but not the matched address. I'm curious, what is your use case? ------------------------------ Nikolay Semov ---- ...

  • I have an old config from a Cisco ASA which is here: interface Dialer1 ip address negotiated ip mtu 1452 encapsulation ppp ip tcp adjust-mss 1412 dialer pool 1 dialer-group 1 ppp mtu adaptive ppp authentication chap callin ...

  • Unfortunately, I think this is expected behavior. That is, native-vlan-id tells the device what to do with incoming untagged frames, but doesn't tell it not to tag outgoing frames on that vlan. That's counterintuitive and a bit silly, in my opinion, but ...

    1 person recommends this.
  • Not sure if this is still reaching anyone, fingers crossed.... I've closely copied this config, similar I'm moving from Cisco: interface Dialer1 ip address negotiated ip mtu 1452 encapsulation ppp ip tcp adjust-mss 1412 dialer pool 1 ...

  • Ahh... actually a nice suggestion to use scripts. Maybe using automation scripting that does a DNS lookup and updates an address-book entry regularly? ------------------------------ Best regards Vidar Stokke ------------------------------

  • I have two words for this. Anycast, broadcast. In an environment that untagged traffic is not working, you must consider the long run. We all assume that ipv4 broadcast kills us off the bat. Yes, that's true. But we don't think to question anycast. ...

  • I suspect there are chip features that do NAT in hardware. I doubt they'll ever tie those rigid rules to something dynamic like DNS resolution. But ... perhaps commit script macros? (https://www.juniper.net/documentation/us/en/software/junos/automation-scripting/topics/concept/junos-software-automation-commit-script-macros.html) ...
