SRX

Guys,

I know how ridiculously stupid this sounds, but this is my first time dealing with juniper and I need some help with configuring an SRX100 unit for remote access. I've read the manual a few times and I can't believe it's not working...

I have configured the fe-0/0/0.0 with a public IP of IVO.IVO.IVO.IVO; Also, I have enabled telnet, ssh, http, https on that interface.

If you guys can take a look and help out, here is a copy of the srx config:

p.s. This is only my second real-world project, so please bear with me:)

Attachment(s)

Copy of SRX.txt   8 KB 1 version

Hi,

the problem is with the host-inbound-traffic settings.  currently you have set ssh,ping,http and https at zone level and dhcp,tftp at interface level. so for this interface fe-0/0/0 only dhcp,tftp are enabled(only the most specifics), the corresponding zone level settings won't apply. So enable ssh/ping/http/hppts under fe-0/0/0.0 interface itself instead of zone level.

        security-zone untrust {
            screen untrust-screen;
            host-inbound-traffic {
                system-services {
                    ssh;
                    ping;
                    http;
                    https;
                }
            }
            interfaces {
                fe-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                            tftp;
                        }
                    }
                }
            }
        }

 Changes to be made -

set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services http
set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services https
set security zones security-zone untrust interfaces fe-0/0/0.0 host-inbound-traffic system-services ping

 Hope this helps

Thanks a lot for getting back to me:)