SRX Services Gateway
Contributor
mmcgilly
Posts: 15
Registered: ‎09-17-2010

Firewall traffic to external interfaces

For a remote site, with an SRX100, I want to be able to manage it with ssh and web but only from my external ip address. Similarly there will be an IPSec VPN between the sites but I only want to accept ike from its specific peer's ip address.

Am I right in thinking that security policies won't have any effect as I'm not going between zones?

Trusted Contributor
rfrederick
Posts: 213
Registered: ‎07-14-2008

Re: Firewall traffic to external interfaces

You are correct in stating that the security policies will not have an effect.  The features you are looking for are "host-inbound-traffic", where you set the allowed services on the particular interfaces in a security zone (or the entire zone), and then setting up a firewall filter and applying it to the loopback interface to specifically allow and / or deny certain remote addresses.

Ron

Distinguished Expert
Screenie
Posts: 1,083
Registered: ‎01-10-2008

Re: Firewall traffic to external interfaces

The host-inbound traffic defines what service is allowed, not where from. If you want that, take a look at the post I wrote about this in the config library: http://forums.juniper.net/t5/Configuration-Library/Configuration-Example-permited-IP-on-SRX/m-p/5839... .

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
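
The approach described in the replies above (host-inbound-traffic to choose the services, a firewall filter on lo0 to choose the sources), as an added example that is not from any poster or from the linked Configuration Library post. The zone name `untrust`, the interface `fe-0/0/0.0`, the filter name `protect-re`, and the addresses 203.0.113.10 (management host) and 198.51.100.20 (IKE peer) are assumptions.

```junos
# Added example; zone, interface, filter name and addresses are assumptions.

# 1) Which services the device itself answers on the external interface.
set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services https
set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services ike

# 2) Which sources may reach them. SSH and HTTPS: management host only.
set firewall family inet filter protect-re term mgmt-allow from source-address 203.0.113.10/32
set firewall family inet filter protect-re term mgmt-allow from protocol tcp
set firewall family inet filter protect-re term mgmt-allow from destination-port ssh
set firewall family inet filter protect-re term mgmt-allow from destination-port https
set firewall family inet filter protect-re term mgmt-allow then accept
set firewall family inet filter protect-re term mgmt-deny from protocol tcp
set firewall family inet filter protect-re term mgmt-deny from destination-port ssh
set firewall family inet filter protect-re term mgmt-deny from destination-port https
set firewall family inet filter protect-re term mgmt-deny then discard

# IKE (UDP 500, plus 4500 for NAT traversal): VPN peer only.
set firewall family inet filter protect-re term ike-allow from source-address 198.51.100.20/32
set firewall family inet filter protect-re term ike-allow from protocol udp
set firewall family inet filter protect-re term ike-allow from destination-port 500
set firewall family inet filter protect-re term ike-allow from destination-port 4500
set firewall family inet filter protect-re term ike-allow then accept
set firewall family inet filter protect-re term ike-deny from protocol udp
set firewall family inet filter protect-re term ike-deny from destination-port 500
set firewall family inet filter protect-re term ike-deny from destination-port 4500
set firewall family inet filter protect-re term ike-deny then discard

# A filter ends with an implicit discard, so explicitly accept the remaining
# host-bound traffic (ESP, DHCP, ping and so on); host-inbound-traffic still
# decides per zone which of it the device answers.
set firewall family inet filter protect-re term everything-else then accept

# 3) Apply the filter to traffic destined to the device itself.
set interfaces lo0 unit 0 family inet filter input protect-re
```

The lo0 filter applies to host-bound traffic from every interface, so the discard terms also block SSH and HTTPS from internal networks unless their prefixes are added to `mgmt-allow`. Using `commit confirmed` guards against locking yourself out of a remote unit.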