SRX

MGT zone is created by default or we need to created it , and how to bind interface into it . is there any detail documment about it . and how to block intra zone traffic , i cannot find any document about it .

Hello,

This link gives detailed information about Initial Configuration of SRX1400.

http://www.juniper.net/techpubs/en_US/release-independent/junos/topics/task/configuration/services-gateway-srx1400-initial-software-configuration-performing-cli.html

With Factory Default settings, Trust zone to Trust zone traffic is blocked....Untrust to Trust zone traffic is blocked.....& Trust to Untrust zone is allowed.

If you want to override this, you can configure security policy to permit the traffic (e.g. Trust to Trust policy to allow certain traffic).

http://kb.juniper.net/InfoCenter/index?page=content&id=KB16553#defsecpol

Regards,

Rushi

so can i think it in this way . if no policy define for intrazone traffic , the intrazone traffic will match  the default policy? and MGT is a function zone , the configuration of this zone is same with usual zone ?

Hello,

You are right is saying that:

If no intrazone policy is configured, traffic will match default policy.

MGT is a special functional zone. Only dedicated management interfaces can be assigned to MGT. Traffic coming on MGT zone has to be packet destined for the device itself e.g. SSH, Telnet to the box.

Traffic can not come on MGT interface & leave from other interface in other zone.

http://www.juniper.net/documentation/en_US/junos11.4/topics/concept/zone-functional-understanding.html

Regards,

Rushi