Table 54: Security Policies; Table 55: Nat Rule - Juniper SRX550 Hardware Manual

SRX550 High Memory Services Gateway Hardware Guide
126
Table 53: Default Interface Configuration for the Services
Gateway (continued)
Port Label Interface
ge-0/0/4
0/4
ge-0/0/5
0/5
ge-0/0/6
0/6
ge-0/0/7
0/7
ge-0/0/8
0/8
ge-0/0/9
0/9
NOTE: If chassis clustering is enabled, we recommend using the port labeled
0/0 port as the management port (
the control port (
clustering is enabled. You can use the other ports as fabric ports.
By default, the security policies and NAT rules in
Table 55 on page 126 are created on the SRX Series security policies.

Table 54: Security Policies

Source Zone
Trust

Table 55: NAT Rule

Source Zone
Trust
For example, a common default firewall configuration includes the following assumptions:
The protected network is connected to the interfaces ge-0/0/1 (port
interface ge-0/0/5 (port
Connectivity to the Internet is through the interface ge-0/0/0 (port
zone.
The IP address of the ge-0/0/0 interface is assigned through DHCP.
Security
Connector Zone
RJ-45 Trust
RJ-45 Trust
No default configuration
fxp0 ) and using the
). The and ports are created only when chassis
fxp1 fxp0 fxp1
Table 54 on page 126
Destination Zone
Untrust
Destination Zone
Untrust
0/5 ) in the trust zone.
DHCP
State Address
Server 192.168.4.1/24
Server 192.168.5.1/24
0/1 port (if used) as
and
Policy Action
Permit
NAT Action
Source NAT to untrust zone
interface
) through
0/1
) in the untrust
0/0
Copyright © 2016, Juniper Networks, Inc.