Figure 3: Topology for Security Policy Configuration
[Figure not reproduced. The diagram shows an SRX Series device with three zones: the untrust zone, where interface ge-0/0/0 (1.1.1.1/29) connects to the Internet/WAN; the DMZ zone, reached through ge-0/0/1.0 (192.168.2.1/32) and containing Server-HTTP-1 (192.168.2.2/32), Server-HTTP-2 (192.168.2.3/32) and Server-SMTP (192.168.2.4/32); and the trust zone, containing a host at 192.168.1.2. Arrows mark inter-zone traffic (between zones) and intra-zone traffic (within a zone).]
In this example, you perform the following tasks:

• Move the ge-0/0/1.0 interface, which was part of the trust zone, to the DMZ zone and assign IP address 192.168.2.1/24. Change ge-0/0/1 from family ethernet-switching (the factory configuration setting) to family inet.

• Assign IP address 192.168.1.2/24 to the host connected to the fe-0/0/2.0 interface in the trust zone.

• Set up two HTTP servers (Server-HTTP-1 and Server-HTTP-2) and one SMTP server in the DMZ zone and assign IP addresses 192.168.2.2/24, 192.168.2.3/24, and 192.168.2.4/24 respectively.

• Configure an address book and create addresses for use in the policy as shown in Table 8 on page 33.
Table 8: Address Books Configuration

Server IP Address    Address Book     Zone
-----------------    -------------    ----
192.168.2.2/24       Server-HTTP-1    DMZ
192.168.2.3/24       Server-HTTP-2    DMZ
192.168.2.4/24       Server-SMTP      DMZ
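The following Junos configuration, added here as an illustration and not taken from the original guide, carries out the SRX-side tasks listed above: it changes ge-0/0/1 from family ethernet-switching to family inet, moves ge-0/0/1.0 from the trust zone into the DMZ zone, and builds the address book from Table 8. The zone name dmz and the address-book name dmz-book are assumptions (the guide only says "DMZ zone"); the host address on fe-0/0/2.0 is configured on the host itself, not on the SRX, so it does not appear here. The server entries use /32 host prefixes as labelled in Figure 3 rather than the /24 shown in Table 8, because an address-book entry of 192.168.2.2/24 matches every host in 192.168.2.0/24, and any policy that references it would then permit traffic to the whole DMZ segment instead of to the one server.

```junos
## Added example (not from the Juniper guide). Assumed names: zone "dmz",
## address book "dmz-book". Enter these in configuration mode.

## 1. Factory config puts ge-0/0/1 in family ethernet-switching (vlan-trust).
##    Remove that and give the unit a routed (family inet) address.
delete interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces ge-0/0/1 unit 0 family inet address 192.168.2.1/24

## 2. Take ge-0/0/1.0 out of the trust zone (if it is listed there) and
##    place it in the DMZ zone. Only the services the zone really needs
##    should be permitted on the interface; none are enabled here.
delete security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone dmz interfaces ge-0/0/1.0

## 3. Address book for the DMZ servers (Table 8), attached to the dmz zone.
##    /32 entries name a single host; a /24 entry would match the subnet.
set security address-book dmz-book address Server-HTTP-1 192.168.2.2/32
set security address-book dmz-book address Server-HTTP-2 192.168.2.3/32
set security address-book dmz-book address Server-SMTP   192.168.2.4/32
set security address-book dmz-book attach zone dmz

## 4. Validate before committing, then verify the result.
commit check
commit
run show interfaces ge-0/0/1 terse
run show security zones dmz
run show security address-book dmz-book
```

On releases that do not support the global address-book hierarchy, the same entries go under `set security zones security-zone dmz address-book address <name> <prefix>` instead of `set security address-book dmz-book ...`. In either form, `show security zones dmz` should list ge-0/0/1.0 as the zone's only interface and `show interfaces ge-0/0/1 terse` should report unit 0 with family inet and address 192.168.2.1/24 before any policy is written against these addresses.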
Page 33 | Copyright © 2016, Juniper Networks, Inc.
Chapter 5: Configuring Security Zones and Policies for SRX Series