Junos OS

last person joined: 14 hours ago 

Ask questions and share experiences about Junos OS.

  • 1.  Allow Ping to loobpack interace in Untrust Zone

    Posted 05-17-2016 00:33

    Hi,

     

    I want to allow ping on loopback interface in Untrust zone in Junos SRX. The loopback is configured with 3 public IPs.

    The thing is ping is already allowed to thee zone and the loopback is added to it.

    I have another interface in untrust and I am able to ping it. Also ping is allowed to Junos-Host zone.

     

    lo0 {
    unit 1 {
    family inet {
    address x.y.z.a/32;
    address x.y.z.b/32;
    address x.y.z.c/32;
    }
    }
    redundant-pseudo-interface-options {
    redundancy-group 1;
    }

     



  • 2.  RE: Allow Ping to loobpack interace in Untrust Zone

     
    Posted 05-17-2016 01:15

    Hello,

     

    What is the zone of the physical interface through which ping comes to the firewall?

    You might need a policy from that zone to loopback's zone.

     

    Regards,

     

    Rushi



  • 3.  RE: Allow Ping to loobpack interace in Untrust Zone
    Best Answer

     
    Posted 05-17-2016 01:15

    You may need to apply a security policy from zone Untrust to zone Untrust as the actual packet reaches on one of the physical/reth ineterface and then goes to loopback. If this doesnt work can you take a traceoptions and see where the packet is dropped?