•
WAN interface–The Ethernet interface labeled 0/0 on the services gateway chassis
(called as ge-0/0/0 in J-Web and the CLI ) is in Layer 3 (routing) mode.
This WAN interface is used to connect your services gateway to your ISP. By default,
the WAN port is a Dynamic Host Control Protocol (DHCP) client and configured to
receive an IP address through DHCP.
•
LAN interfaces–Ethernet interfaces labeled 0/1 through 0/7 (called as ge-0/0/1,
fe-0/0/2 to fe-0/0/7 ) are in Layer 2 mode (Ethernet switching mode) and assigned
to a VLAN (vlan-trust).
A VLAN interface (Layer 3 interface) is created to route traffic from the interfaces in
the LAN (ge-0/0/1, fe-0/0/2 to fe-0/0/7) to WAN (ge-0/0/0) interface and vice versa.
All traffic between the ports within the VLAN is locally switched. The trust zone VLAN
interface (vlan.0) has a default static IP of 192.168.1.1/24, and assigns IP addresses in
the 192.168.1.2 to 192.168.1.254 range to any device plugged into the trust interfaces.
Default Settings for Interfaces, Zones, Policy, and NAT
Table 3 on page 9 provides the default configuration of the interfaces on an SRX210.
Table 3: Default Interfaces Settings
IP AddressDHCP StateSecurity ZonesInterface
Dynamically assignedClientUntrustge-0/0/0
192.168.1.1/24ServerTrustvlan.0
NOTE: Because Ethernet interfaces (ge-0/0/1, fe-0/0/2 to fe-0/0/7) are
assigned to the trust zone (vlan-trust), any traffic originating from these
interfaces is treated as trust.
Table 4 on page 9 provides the default security policies to block traffic coming from the
untrust zone to devices in the trust zone.
Table 4: Default Security Policy Settings
Policy ActionDestination ZoneSource Zone
PermitUntrustTrust
DenyTrustUntrust
NOTE: In default configuration, all LAN interfaces are in Layer 2 mode and
they communicate with each other without need of any policy.
9Copyright © 2016, Juniper Networks, Inc.
Chapter 2: Understanding Factory Default Configuration Settings