Juniper SRX - How to perform source nat on Junos self originated packets

Juniper SRX - How to perform source nat on Junos self originated packets - Junos 11.4

In Junos version 11.4, a new security zone junos-host was added to match to/from Junos self-traffic device.

Few details here: https://cn.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/release-notes/11.4/index.html?topic-62163.html

How to do source nat for Junos self originated packets - Junos 11.4

Assuming the security zone matching Internet zone is called internet in our Junos configuration, source nat from Junos originated packets towards internet can be achieved using following config:

Code:

> show configuration security nat source rule-set self-internet                  
from zone junos-host;
to zone internet;
rule RE-internet {
    match {
        source-address 0.0.0.0/0;
    }
    then {
        source-nat {
            interface;
        }
    }
}

Same can be achieved using commands:

Code:

> show configuration security nat source rule-set self-internet | display set    
set security nat source rule-set self-internet from zone junos-host
set security nat source rule-set self-internet to zone internet
set security nat source rule-set self-internet rule RE-internet match source-address 0.0.0.0/0
set security nat source rule-set self-internet rule RE-internet then source-nat interface

P.S.: Default configurations will not need source nat as Junos, by default, uses the IP of the outgoing interface as source. But for those rare cases when source nat is really needed, this will help.