Configuring Security Zones and Policies for SRX Series; Understanding Security Zones and Policies for SRX Series; Zones - Juniper Junos OS Getting Started Manual

For Branch SRX Series

CHAPTER 5
Configuring Security Zones and Policies for SRX Series

Copyright © 2016, Juniper Networks, Inc.

- Understanding Security Zones and Policies for SRX Series
- Example: Configuring Security Zones and Policies for SRX Series

Understanding Security Zones and Policies for SRX Series

This topic includes the following sections:

- Zones
- Security Policy

Zones

A zone is a collection of one or more network segments that share identical security
requirements. To group network segments within a zone, you must assign logical interfaces
from the device to the zone.

Security zones identify the direction of traffic flow in security policies, which is how
traffic is controlled. You can configure multiple security zones on a single device; at a
minimum, you must define two security zones, so that one area of the network is protected
from the other.

To configure the security zones, you must:

- Define the zone (security or functional).
- Add logical interfaces to the zone.
- Define the permitted services (example: Telnet, SSH) and protocols (example: OSPF)
  destined for the device itself.

The default configuration of the branch SRX Series includes two security zones: trust and
untrust. The vlan.0 interface belongs to the trust zone and ge-0/0/0 belongs to the untrust zone.
For more details on security zones, see Building Blocks Feature Guide for Security Devices.
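
The three configuration steps above in Junos set-command form, as an added example that is not taken from the manual. It reuses the default trust (vlan.0) and untrust (ge-0/0/0) zones described above; unit 0 on ge-0/0/0 and the management port ge-0/0/7.0 are assumptions made for illustration.

```junos
# Added example (constructed). Enter in configuration mode.

# Steps 1 and 2: define the security zones and add logical interfaces to them.
# ge-0/0/0.0 assumes logical unit 0 on the untrust-facing port.
set security zones security-zone trust interfaces vlan.0
set security zones security-zone untrust interfaces ge-0/0/0.0

# A functional zone instead of a security zone, for out-of-band management.
# ge-0/0/7.0 is a hypothetical port: it must be a routed interface that is
# not a member of any other zone.
set security zones functional-zone management interfaces ge-0/0/7.0
set security zones functional-zone management host-inbound-traffic system-services ssh

# Step 3: permit only the services and protocols that may terminate on the
# device itself. Trust side: SSH for administration, OSPF for routing.
set security zones security-zone trust host-inbound-traffic system-services ssh
set security zones security-zone trust host-inbound-traffic protocols ospf

# Weak setting, shown commented out for contrast: this would expose every
# device service (including Telnet) to the untrust side.
# set security zones security-zone untrust host-inbound-traffic system-services all

# Narrower setting: allow only ping on the untrust-facing interface.
# host-inbound-traffic set at interface level overrides the zone-level
# setting for that interface.
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping

# Validate before activating, then review the result in operational mode:
#   commit check
#   commit
#   show security zones
```

`show security zones` lists each zone with its bound interfaces, which makes an interface left out of every zone easy to spot.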