SRX Services Gateway
Contributor
Posts: 15
Registered: ‎09-17-2010
0 Kudos

Firewall traffic to external interfaces

For a remote site with an SRX100, I want to be able to manage it with SSH and web, but only from my external IP address. Similarly, there will be an IPSec VPN between the sites, but I only want to accept IKE from its specific peer's IP address.

Am I right in thinking that security policies won't have any effect as I'm not going between zones?

Trusted Contributor
Posts: 213
Registered: ‎07-14-2008
0 Kudos

Re: Firewall traffic to external interfaces

You are correct in stating that the security policies will not have an effect. The features you are looking for are "host-inbound-traffic", where you set the allowed services on the particular interfaces in a security zone (or the entire zone), and then setting up a firewall filter and applying it to the loopback interface to specifically allow and/or deny certain remote addresses.

Ron

Distinguished Expert
Posts: 1,118
Registered: ‎01-10-2008
0 Kudos

Re: Firewall traffic to external interfaces

The host-inbound traffic defines what service is allowed, not where from. If you want that, take a look at the post I wrote about this in the config library: http://forums.juniper.net/t5/Configuration-Library/Configuration-Example-permited-IP-on-SRX/m-p/5839...

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
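
The approach described in the replies above (host-inbound-traffic for the allowed services, plus a firewall filter on lo0 for the allowed sources), written out as an added example; it is not taken from the thread or from the linked Configuration Library post. The interface `fe-0/0/0.0`, the zone name `untrust`, the filter and prefix-list names, and the documentation-range addresses are assumptions.

```junos
# Which services the external interface accepts (what, not where from)
set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services https
set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services ike

# Allowed sources (constructed sample addresses, replace with your own)
set policy-options prefix-list MGMT-HOSTS 198.51.100.10/32
set policy-options prefix-list IKE-PEERS 203.0.113.20/32

# SSH and HTTPS to the device: accept from MGMT-HOSTS only
set firewall family inet filter PROTECT-RE term mgmt-allow from source-prefix-list MGMT-HOSTS
set firewall family inet filter PROTECT-RE term mgmt-allow from protocol tcp
set firewall family inet filter PROTECT-RE term mgmt-allow from destination-port 22
set firewall family inet filter PROTECT-RE term mgmt-allow from destination-port 443
set firewall family inet filter PROTECT-RE term mgmt-allow then accept
set firewall family inet filter PROTECT-RE term mgmt-deny from protocol tcp
set firewall family inet filter PROTECT-RE term mgmt-deny from destination-port 22
set firewall family inet filter PROTECT-RE term mgmt-deny from destination-port 443
set firewall family inet filter PROTECT-RE term mgmt-deny then discard

# IKE to the device: accept from the VPN peer only
# (UDP 4500 is included in case NAT-T is in use)
set firewall family inet filter PROTECT-RE term ike-allow from source-prefix-list IKE-PEERS
set firewall family inet filter PROTECT-RE term ike-allow from protocol udp
set firewall family inet filter PROTECT-RE term ike-allow from destination-port 500
set firewall family inet filter PROTECT-RE term ike-allow from destination-port 4500
set firewall family inet filter PROTECT-RE term ike-allow then accept
set firewall family inet filter PROTECT-RE term ike-deny from protocol udp
set firewall family inet filter PROTECT-RE term ike-deny from destination-port 500
set firewall family inet filter PROTECT-RE term ike-deny from destination-port 4500
set firewall family inet filter PROTECT-RE term ike-deny then discard

# Everything else addressed to the device is left to host-inbound-traffic
set firewall family inet filter PROTECT-RE term default then accept

# Apply the filter to traffic destined to the device itself
set interfaces lo0 unit 0 family inet filter input PROTECT-RE
```

The lo0 filter sees all traffic addressed to the device regardless of ingress interface, so any internal subnet that should still reach SSH or HTTPS must also be listed in `MGMT-HOSTS`. Applying the change with `commit confirmed` rolls it back automatically if the new filter cuts off your own session.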