SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Filtering host-inbound-services

    Posted 04-12-2012 14:18

    Just wondering how everyone is filtering traffic destined to an SRX. For example, on my management zone I have ssh access granted in host-inbound-services, however I would like to only allow ssh from one IP in my management zone. Is a firewall filter on the loopback the best way to accomplish that?

     

    Thanks.


    #secure.re
    #filtering
    #manage.ip


  • 2.  RE: Filtering host-inbound-services
    Best Answer

    Posted 04-12-2012 14:32

    Hi Jrooney,

     

    I wrote a post on this subject a while ago: http://forums.juniper.net/t5/Configuration-Library/Configuration-Example-permited-IP-on-SRX/m-p/58392/highlight/true#M26 This config is used by several members of this community now, I noticed. However: starting in Junos 11.4 there's this new zone called junos-host. You can now just create address book entries and filter management traffic statefully using this zone. Just like normal transit policies! How cool is that? See http://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/release-notes/11.4/junos-release-notes-11.4r1.pdf page 163.

     

    So, as often, the answer to your question is: it depends (on the Junos version you're using).



  • 3.  RE: Filtering host-inbound-services

    Posted 04-15-2012 20:39

    Thank you very much, I'd love to go to 11.4 but with my 650s I've run into a few bugs and ended up having to back into 10.4 for stability.

     

    Thanks again.
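
The two approaches discussed in this thread, side by side, as an added example that is not taken from any of the posts or from the linked configuration. The zone name `mgmt`, the address `192.0.2.10` and the policy, filter and term names are assumptions chosen for illustration.

```junos
# --- Option A: Junos 11.4 and later, stateful policy toward the junos-host zone ---
# ssh must still be listed under host-inbound-traffic for the zone;
# the policy then narrows which sources may use it.
set security zones security-zone mgmt host-inbound-traffic system-services ssh

# Constructed admin workstation address (documentation range)
set security address-book global address admin-host 192.0.2.10/32

set security policies from-zone mgmt to-zone junos-host policy allow-admin-ssh match source-address admin-host
set security policies from-zone mgmt to-zone junos-host policy allow-admin-ssh match destination-address any
set security policies from-zone mgmt to-zone junos-host policy allow-admin-ssh match application junos-ssh
set security policies from-zone mgmt to-zone junos-host policy allow-admin-ssh then permit

# Explicit deny so the result does not depend on what happens to unmatched self-traffic
set security policies from-zone mgmt to-zone junos-host policy deny-other-ssh match source-address any
set security policies from-zone mgmt to-zone junos-host policy deny-other-ssh match destination-address any
set security policies from-zone mgmt to-zone junos-host policy deny-other-ssh match application junos-ssh
set security policies from-zone mgmt to-zone junos-host policy deny-other-ssh then deny

# --- Option B: releases without junos-host (e.g. 10.4), stateless filter on lo0 ---
# An input filter on lo0 is evaluated for traffic destined to the Routing Engine.
set firewall family inet filter protect-re term ssh-allow from source-address 192.0.2.10/32
set firewall family inet filter protect-re term ssh-allow from protocol tcp
set firewall family inet filter protect-re term ssh-allow from destination-port ssh
set firewall family inet filter protect-re term ssh-allow then accept

set firewall family inet filter protect-re term ssh-deny from protocol tcp
set firewall family inet filter protect-re term ssh-deny from destination-port ssh
set firewall family inet filter protect-re term ssh-deny then discard

# Filters end with an implicit discard; without this term every other
# RE-bound packet (routing protocols, DHCP, other management) is dropped.
set firewall family inet filter protect-re term everything-else then accept

set interfaces lo0 unit 0 family inet filter input protect-re
```

Applying either option with `commit confirmed` from a session sourced at the permitted address lets the device roll back by itself if the rule locks out management access.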