Port forwarding in Junos
First, define your objects:
set security zones security-zone Internal address-book address TSserver1 192.168.1.151/32
and whatever service you need to forward:
set applications application MS-RDP protocol tcp destination-port 3389
and your destination nat pool:
set security nat destination pool dnat-192_168_1_151 address 192.168.1.151/32
set security nat destination pool dnat-192_168_1_151 address port 3389
and your NAT policy, which specifies the NAT pool that the traffic should be translated to:
set security nat destination rule-set dst-nat from zone Internet
set security nat destination rule-set dst-nat rule rule1 match destination-address 256.1.1.1/32
set security nat destination rule-set dst-nat rule rule1 match destination-port 63389
set security nat destination rule-set dst-nat rule rule1 then destination-nat pool dnat-192_168_1_151
and lastly, your security policy to allow the traffic through:
Use the internal (real) IP address and port of the server in the policy, because the security/firewall aspect happens after the “networking” aspect (the destination NAT) of the connection. The zone names must match the zones used for the address book entry and the NAT rule-set above:
set security policies from-zone Internet to-zone Internal policy Internet_to_Internal_RDP match source-address any destination-address TSserver1 application MS-RDP
set security policies from-zone Internet to-zone Internal policy Internet_to_Internal_RDP then permit
Once you’ve committed the change, an RDP connection to 256.1.1.1:63389 will get translated to 192.168.1.151:3389.
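The policy above permits the forwarded RDP port from any source. As an added example (not part of the original walkthrough), the following narrows the policy to a known source prefix, logs the sessions, and checks the result. It assumes the zones are named Internet and Internal as in the address book and rule-set lines; the address name RDP-admins and the prefix 203.0.113.0/24 are constructed placeholders.

```junos
# Configuration mode. Constructed values: the address name RDP-admins and the
# documentation prefix 203.0.113.0/24 stand in for your real admin source range.
set security zones security-zone Internet address-book address RDP-admins 203.0.113.0/24

# Replace the "any" source match; leaving it in place would keep the policy
# open to every source on the Internet zone.
delete security policies from-zone Internet to-zone Internal policy Internet_to_Internal_RDP match source-address any
set security policies from-zone Internet to-zone Internal policy Internet_to_Internal_RDP match source-address RDP-admins

# Log session setup and teardown so use of the forwarded port is auditable.
set security policies from-zone Internet to-zone Internal policy Internet_to_Internal_RDP then log session-init session-close

# Validate first, then commit with automatic rollback after 5 minutes in case
# the change cuts off your own access. Issue a plain "commit" to keep it.
commit check
commit confirmed 5

# Operational mode (prefix each command with "run" from configuration mode).
# The translation hit counters show whether rule1 and the pool are matching:
show security nat destination rule all
show security nat destination pool all

# The policy as the firewall evaluates it, including the source restriction:
show security policies from-zone Internet to-zone Internal policy-name Internet_to_Internal_RDP detail

# During a test connection from the allowed range, the session entry lists
# 256.1.1.1/63389 on the inbound wing and 192.168.1.151/3389 on the return wing:
show security flow session source-prefix 203.0.113.0/24
```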