Routing


Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  Issue with SRX240 deployment

    Posted 05-05-2015 18:53

     

    I'm fairly new to the Juniper SRX series and have been tasked with deploying two SRX240s in an HA cluster for a new datacenter. The cluster is working and from the LAN (reth1.0), I'm able to SSH and HTTPS into the SRX, but I cannot get to the internet from my laptop when connected to the LAN.

     

    For troubleshooting purposes, I granted HTTPS access to the WAN (reth0.0) interface and can successfully manage the device from its public IP.

     

    I'm not sure what else could be missing. Can anybody find any faults in my config or recommend best practices?

     

    Thanks in advance

    Attachment(s): 05052015v2.txt (txt, 5 KB, 1 version)


  • 2.  RE: Issue with SRX240 deployment
    Best Answer

     
    Posted 05-05-2015 20:04

    Hello,

     

    As per the configuration, I see that you do not have any security policy configured from the Trust to the Untrust zone. By default, the firewall blocks all traffic.

     

    So kindly create the security policy from Trust to Untrust allowing this internet traffic and it will work.



  • 3.  RE: Issue with SRX240 deployment

    Posted 05-05-2015 21:12

    Thanks for your reply. For some reason I thought I had configured that policy. Looking at the config again, I think that I confused the source-NAT policy for a security policy.

     

    I won't be able to test until tomorrow, but here's what I have added:

     

    +    from-zone Trusted to-zone Untrusted {
    +        policy LAN-to-WAN {
    +            match {
    +                source-address any;
    +                destination-address any;
    +                application any;
    +            }
    +            then {
    +                permit;
    +            }
    +        }
    +    }
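
    Review bot: the match block of policy LAN-to-WAN uses `source-address any`, `destination-address any` and `application any` with a bare `permit`, so every source and protocol arriving in zone Trusted is allowed outbound and nothing is logged. Consider limiting `source-address` to an address-book entry for the LAN prefix behind reth1.0 and adding `log { session-close; }` under `then` so permitted sessions leave a record. Also confirm that the zone names Trusted and Untrusted in the `from-zone`/`to-zone` line are the security zones that reth1.0 and reth0.0 actually belong to, since the reply above refers to them as Trust and Untrust.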

     



  • 4.  RE: Issue with SRX240 deployment

     
    Posted 05-05-2015 21:21

    Hello,

     

    The configuration looks fine. This will solve the internet access issue. If there is any issue even after this, do let us know.

    Keep us posted on the result.



  • 5.  RE: Issue with SRX240 deployment

    Posted 05-06-2015 02:44

    As Sam said, you need a policy to allow traffic.

    Whenever you have to allow some traffic between the zones (inter-zone), you need a policy, even if allowing within the zone (intra-zone).