Figure 3: Topology For Security Policy Configuration; Configuring Security Zones And Policies For SRX Series; Table 8: Address Books Configuration - Juniper Junos OS Getting Started Manual

For Branch SRX Series

Copyright © 2016, Juniper Networks, Inc.

Figure 3: Topology for Security Policy Configuration

[Figure 3 diagram labels: UNTRUST ZONE; INTERNET/WAN; SRX Series device; TRUST ZONE; Server-HTTP-1; 192.168.1.2]

In this example, you perform the following tasks:
- Move the ge-0/0/1.0 interface, which was part of the trust zone, to the DMZ zone and assign IP address 192.168.2.1/24. Change ge-0/0/1 from family ethernet-switching (factory configuration setting) to family inet.
- Assign IP address 192.168.1.2/24 to the host connected to the fe-0/0/2.0 interface in the trust zone.
- Set up two HTTP servers (Server-HTTP-1 and Server-HTTP-2) and one SMTP server and assign IP addresses 192.168.2.2/24, 192.168.2.3/24, and 192.168.2.4/24 respectively in the DMZ zone.
- Configure an address book and create addresses for use in the policy as shown in Table 8 on page 33.

Table 8: Address Books Configuration

Zones    Address Book
DMZ      Server-HTTP-1
         Server-HTTP-2
         Server-SMTP
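
The device-side part of the tasks listed above, written as Junos configuration-mode set commands. This is an added example, not text from the Juniper manual; it assumes the zone-attached address-book syntax, /32 host prefixes for the address-book entries, and that ge-0/0/1.0 is listed directly under the trust zone as the task list describes.

```junos
# Added example (not from the manual). Enter these in configuration mode.

# Change ge-0/0/1 from family ethernet-switching (factory setting)
# to family inet and assign the DMZ gateway address.
delete interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces ge-0/0/1 unit 0 family inet address 192.168.2.1/24

# Move ge-0/0/1.0 from the trust zone to the DMZ zone.
# Assumption: the interface is referenced directly under the trust zone.
delete security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone DMZ interfaces ge-0/0/1.0

# Address-book entries for the DMZ servers (names from Table 8).
# Assumption: zone-attached address book, one /32 entry per host.
set security zones security-zone DMZ address-book address Server-HTTP-1 192.168.2.2/32
set security zones security-zone DMZ address-book address Server-HTTP-2 192.168.2.3/32
set security zones security-zone DMZ address-book address Server-SMTP 192.168.2.4/32

# Review the pending change and validate it before activating.
show | compare
commit check

# Activate with automatic rollback after 5 minutes unless confirmed,
# so an interface or zone mistake cannot lock you out of the device.
commit confirmed 5
commit
```

The host addresses in the trust and DMZ zones are set on the hosts themselves, so they do not appear here. Until a security policy references the DMZ zone, the default deny applies to traffic entering or leaving it.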
Chapter 5: Configuring Security Zones and Policies for SRX Series
[Figure 3 diagram labels: DMZ ZONE; ge-0/0/0, 1.1.1.1/29; ge-0/0/1.0, 192.168.2.1/32; Server IP Address- 192.168.2.2/24, 192.168.2.3/24, 192.168.2.4/24; Server-HTTP-1, 192.168.2.2/32; Server-SMTP, 192.168.2.4/32; Server-HTTP-2, 192.168.2.3/32; legend: Inter-zone traffic, Intra-zone traffic]