SRX Services Gateway
Showing results for 
Search instead for 
Do you mean 
Posts: 802
Registered: ‎06-30-2009
0 Kudos

External AV Scan for http

Hi Experts


We have SRX650. It has Trust Zone (users), Untrust Zone (Internet) and AV Zone (External AV snanner). For Trust to Untrust traffic interface based NAT is used.


We want, all the users http traffic (browsing) should go to first AV Scanner and then comes to SRX again because AV Scanner gateway is SRX and then goes to internet. How I can do this any idea? I am thing usign PBR to send all the http traffic to AV Scanner.


1- Should I use routing-instance type forwarding or virtual router?

2- Also When reverse http traffic comes it should also pass through AV not directly comes to users.


Attached is the diagram.