By Walter J. Goralski, Cathy Gadecki, Michael Bushong. The SRX is a locked-down device. The SRX uses the concept of nested security zones.
Published (Last): 17 July 2011
Zones are a critical concept in SRX configuration. No traffic goes in or out unless the security zones are configured properly on the SRX interfaces. To configure a security zone, you need to associate the interface with a security zone, and then the security zones need to be bound with a routing instance if there are multiple routing instances.
First, you configure the zones and then you associate the interfaces with the zones. You can configure a zone with more than one interface. However, each interface can belong to only one zone. Now, establish two security zones for a simple SRX configuration.
Always configure zones from the perspective of the SRX you are configuring. Many other zones may be on the LAN: trust, accounting, and so on. But this SRX only links to admins and untrust. Now you can add services to the zones you just configured. Assume that inbound ssh, ftp, and ping traffic is permitted from the untrusted zone. This is just an example. Before you enable any services at all on your SRX, make sure you truly need them. FTP in particular is often considered risky because FTP has no real security, and you just punched a big hole for it in your security zone.
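The zone and service setup described above, written out as Junos set commands. This is an added example, not the book's own listing: the zone names admins and untrust and the three services come from the text, while the interface names ge-0/0/0.0 and ge-0/0/1.0 and their assignment to zones are assumptions.

```junos
# Added example. Interface names are assumptions; substitute your own.
# Enter these from configuration mode.

# 1. Create the two zones and bind one interface to each.
#    An interface can belong to only one zone.
set security zones security-zone admins interfaces ge-0/0/0.0
set security zones security-zone untrust interfaces ge-0/0/1.0

# 2. The permissive example from the text: allow ssh, ftp and ping
#    from the untrust zone. host-inbound-traffic governs traffic
#    addressed to the SRX itself.
set security zones security-zone untrust host-inbound-traffic system-services ssh
set security zones security-zone untrust host-inbound-traffic system-services ftp
set security zones security-zone untrust host-inbound-traffic system-services ping

# 3. Tighter variant: once you have decided FTP is not truly needed,
#    take it back out of the untrust zone before committing.
delete security zones security-zone untrust host-inbound-traffic system-services ftp

# 4. Review the resulting zone stanza, validate it, then activate it.
show security zones
commit check
commit
```

After step 3, `show security zones` should list only ssh and ping under the untrust zone's host-inbound-traffic.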
This error will go away when configuration is complete.
He has worked in the networking field for more than 40 years. Cathy Gadecki is coauthor of the first edition of Junos For Dummies.
Juniper SRX Series
I was thinking about whether I should write a short article for beginners to quickly configure an SRX firewall. We will configure the following from scratch: First, a bit of information for the SRX novice. As SRX is running Junos, it has two modes. Quickly, I can show you how to switch between these modes with an example: Once we commit the changes, we should see the new hostname srx in the prompt. Commit is required to save and activate your changes.
Configure Juniper SRX from scratch