Table of Contents
Advertisement
Default Settings for Interfaces, Zones, Policy, and NAT
Copyright © 2016, Juniper Networks, Inc.
WAN interface–The Ethernet interface labeled
(called as ge-0/0/0 in J-Web and the CLI ) is in Layer 3 (routing) mode.
This WAN interface is used to connect your services gateway to your ISP. By default,
the WAN port is a Dynamic Host Control Protocol (DHCP) client and configured to
receive an IP address through DHCP.
LAN interfaces–Ethernet interfaces labeled
fe-0/0/2 to fe-0/0/7 ) are in Layer 2 mode (Ethernet switching mode) and assigned
to a VLAN (
).
vlan-trust
A VLAN interface (Layer 3 interface) is created to route traffic from the interfaces in
the LAN (ge-0/0/1, fe-0/0/2 to fe-0/0/7) to WAN (ge-0/0/0) interface and vice versa.
All traffic between the ports within the VLAN is locally switched. The trust zone VLAN
interface (vlan.0) has a default static IP of 192.168.1.1/24, and assigns IP addresses in
the 192.168.1.2 to 192.168.1.254 range to any device plugged into the trust interfaces.
Table 3 on page 9
provides the default configuration of the interfaces on an SRX210.
Table 3: Default Interfaces Settings
Interface
Security Zones
ge-0/0/0
Untrust
vlan.0
Trust
NOTE:
Because Ethernet interfaces (ge-0/0/1, fe-0/0/2 to fe-0/0/7) are
assigned to the trust zone (vlan-trust), any traffic originating from these
interfaces is treated as trust.
Table 4 on page 9
provides the default security policies to block traffic coming from the
untrust zone to devices in the trust zone.
Table 4: Default Security Policy Settings
Source Zone
Trust
Untrust
NOTE:
In default configuration, all LAN interfaces are in Layer 2 mode and
they communicate with each other without need of any policy.
Chapter 2: Understanding Factory Default Configuration Settings
on the services gateway chassis
0/0
through
0/1
DHCP State
Client
Server
Destination Zone
Untrust
Trust
(called as ge-0/0/1,
0/7
IP Address
Dynamically assigned
192.168.1.1/24
Policy Action
Permit
Deny
9
Advertisement
Table of Contents
