SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Dropping all traffic to and from specific IPs

    Posted 01-12-2013 01:32
    Hi, I would like to drop all traffic to and from several IPs (prefer to have them in an address-set), what would be the easiest way to achieve that? I have looked into creating global policies but since that requires me to convert my addressbook to a global addressbook, I really prefer not to use that solution since the policy is to be deployed on several firewalls.

    So, to make things clear. I have several IPs out on the internet that I want to drop all traffic to and from. Like this:

    src=any, dst=bad_IPs, action=deny
    src=bad_IPs, src=any, action, deny

    bad_IPs is an address set containing blacklisted IPs. Does it make any sense? Thanks in advance.


  • 2.  RE: Dropping all traffic to and from specific IPs
    Best Answer

    Posted 01-13-2013 11:52

    Hi User853,

     

    I'd think you could use a stateless firewall filter to accomplish this, unless it is about transit traffic.

    Then you'd have to go with a security policy between the security zones involved.

    Have you tried this already?

     

    See KB16685 and KB16553 for more information.
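
A stateless firewall filter of the kind suggested in the answer above, shown as an added example that is not part of the original posts. The prefix-list name `bad_IPs` is taken from the question; the addresses are constructed documentation-range samples, and the filter name, term names, counter names and the interface `ge-0/0/0.0` are assumptions.

```junos
policy-options {
    /* Constructed sample entries (documentation ranges); replace with the real blacklist */
    prefix-list bad_IPs {
        192.0.2.10/32;
        198.51.100.0/24;
    }
}
firewall {
    family inet {
        filter DROP-BAD-IPS {
            term from-bad {
                from {
                    source-prefix-list {
                        bad_IPs;
                    }
                }
                then {
                    count from-bad-drops;
                    discard;
                }
            }
            term to-bad {
                from {
                    destination-prefix-list {
                        bad_IPs;
                    }
                }
                then {
                    count to-bad-drops;
                    discard;
                }
            }
            /* A filter ends in an implicit discard, so all other traffic is accepted explicitly */
            term everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input DROP-BAD-IPS;
                    output DROP-BAD-IPS;
                }
            }
        }
    }
}
```

`show firewall filter DROP-BAD-IPS` displays the two counters, which confirms whether the terms are matching.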



  • 3.  RE: Dropping all traffic to and from specific IPs

    Posted 01-14-2013 11:52
    Thank you for the tip! Turns out that this worked out brilliantly :)


  • 4.  RE: Dropping all traffic to and from specific IPs

    Posted 01-14-2013 23:25

    That is great to hear :)