SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX 210 in Transparent mode questions

    Posted 01-13-2014 04:12

    I have an SRX 210 H which I intend to use in transparent mode. I searched the Juniper site for the limitations of using it in transparent mode, but I still have some unqualified questions.

    I understand that in transparent mode you cannot use NAT, IPsec, IDP ... but how about antivirus? I understand that I can use zone-based firewall.

    Another question: what is the difference between IDP and the SCREEN option in Junos? In transparent mode, can I use the SCREEN option, since it is configured at the zone level?

     

    Thank You

     

     



  • 2.  RE: SRX 210 in Transparent mode questions
    Best Answer

    Posted 01-13-2014 05:29

    JUNOS software Screen options secure a zone by inspecting, then allowing or denying, all connection attempts that require crossing an interface bound to that zone. JUNOS software then applies firewall policies, which can contain content filtering and Intrusion Detection and Prevention (IDP) components, to the traffic that passes the Screen filters.

    Antivirus is supported in transparent mode.

     

    The following security features are not supported in transparent mode:

    • NAT is not supported.
    • IPsec VPN is not supported.
    • Application Layer Gateways (ALGs) and Intrusion Detection and Prevention (IDP) are not supported in this release.

    http://jncie-sec.exactnetworks.net/2012_11_01_archive.html (guide for configuring SRX in transparent mode)

    http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos-security-swconfig-security/id-68220.html

    http://www.juniper.net/techpubs/software/junos-security/junos-security10.1/junos-security-swconfig-interfaces-and-routing/transparent-mode-overview-section.html

     

     

     

    Please mark this as accepted solution if it works for you

    A kudos is a good way of appreciation

     

    Kashif Nawaz

    JNCIP-Sec ,JNCIP-Ent

    JNCIS-Ent, JNCIS-Sec

    JNCIA-Junos



  • 3.  RE: SRX 210 in Transparent mode questions

    Posted 01-13-2014 06:16

    Unfortunately, a policer cannot be implemented on an SRX operating in transparent mode. However, you can do port and queue shaping for traffic rate limiting.

     

     

     

    https://www.juniper.net/techpubs/en_US/junos12.1/topics/example/security-ba-classifier-transparent-mode-device-configuring.html

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB22066&actp=RSS

     

    For queue shaping, include shaping-rate under scheduler in the Class of Service hierarchy (value in m mb, g gb, k kb).

     

     

     

    Kashif Nawaz

    JNCIP-Sec ,JNCIP-Ent

    JNCIS-Ent, JNCIS-Sec

    JNCIA-Junos