CHAPTER 5
Configuring Security Zones and Policies
for SRX Series
• Understanding Security Zones and Policies for SRX Series on page 31
• Example: Configuring Security Zones and Policies for SRX Series on page 32
Understanding Security Zones and Policies for SRX Series
This topic includes the following sections:
• Zones on page 31
• Security Policy on page 32
Zones
A zone is a collection of one or more network segments that share identical security requirements. To group network segments within a zone, you assign logical interfaces on the device to that zone.
Security policies use security zones to identify the direction of a traffic flow and so control that traffic. A single device can have multiple security zones, and it must have at least two, so that one area of the network can be protected from the other.
To configure security zones, you must:
• Define the zone (security or functional).
• Add logical interfaces to the zone.
• Define the permitted services (for example, Telnet and SSH) and protocols (for example, OSPF) that are destined to the device itself.
The default configuration of a branch SRX Series device includes two security zones, trust and untrust: vlan.0 belongs to the trust zone and ge-0/0/0 belongs to the untrust zone.
For more details on security zones, see the Building Blocks Feature Guide for Security Devices.
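The three steps above, worked through in Junos set-command form as an added example (it is not configuration from the Juniper guide). It uses the default branch SRX zone names and the interfaces named in this topic; the address-book entry lan-net and the 192.0.2.0/24 range are assumed.

```junos
# Added example, not from the Juniper guide. Assumes the default trust/untrust
# zones, vlan.0 inside and ge-0/0/0.0 outside; lan-net and 192.0.2.0/24 are made up.

# 1. Define the two security zones and attach logical interfaces to them.
set security zones security-zone trust interfaces vlan.0
set security zones security-zone untrust interfaces ge-0/0/0.0

# 2. Services and protocols destined to the device itself (host-inbound-traffic).
#    Trust: allow SSH management and OSPF adjacencies from the inside only.
set security zones security-zone trust host-inbound-traffic system-services ssh
set security zones security-zone trust host-inbound-traffic protocols ospf
#    Untrust: nothing is opened. With no host-inbound-traffic statement, the
#    device accepts neither management sessions nor routing protocols from outside.

# 3. Policies reference the zones as traffic direction. Only inside-to-outside
#    sessions are permitted and logged; with no untrust-to-trust policy, inbound
#    session attempts fall through to the default deny.
set security address-book global address lan-net 192.0.2.0/24
set security policies from-zone trust to-zone untrust policy allow-outbound match source-address lan-net
set security policies from-zone trust to-zone untrust policy allow-outbound match destination-address any
set security policies from-zone trust to-zone untrust policy allow-outbound match application any
set security policies from-zone trust to-zone untrust policy allow-outbound then permit
set security policies from-zone trust to-zone untrust policy allow-outbound then log session-close
```

After committing, `show security zones` lists each zone's interfaces and host-inbound services, and `show security policies` shows the resulting zone-pair rules.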
31Copyright © 2016, Juniper Networks, Inc.