aeroplane

External AV Scan for http

Hi Experts

We have an SRX650. It has a Trust zone (users), an Untrust zone (Internet) and an AV zone (external AV scanner). For Trust-to-Untrust traffic, interface-based NAT is used.

We want all the users' HTTP traffic (browsing) to go first to the AV scanner, then come back to the SRX (because the AV scanner's gateway is the SRX), and then go to the Internet. How can I do this, any ideas? I am thinking of using PBR to send all the HTTP traffic to the AV scanner.

1- Should I use routing-instance type forwarding or virtual router?

2- Also, when the reverse HTTP traffic comes back, it should also pass through the AV scanner and not come directly to the users.

Attached is the diagram.

Thanks
