03-29-2010 06:19 AM
Hi,
I'm just learning SRX and having trouble with filter-based forwarding. I found a dozen articles here, but cannot solve my problem.
I'm testing an SRX-100 (I'd like to replace an SSG-5). I have two untrust interfaces (one of them fixed, one of them PPPoE, but in my test environment I use one fixed IP and a DHCP client). So the main config is the following:
fe-0/0/0.0 192.168.11.1/24 - trust
fe-0/0/1.0 dhcp client - untrust
fe-0/0/2.0 89.133.214.27/28 - untrust gateway: 89.133.214.30
I'd like to route http/https traffic to fe-0/0/2.0 if
Please help! I also attach the full config.
My routing config:
routing-options {
    interface-routes {
        rib-group inet default;
    }
    static {
        rib-group default;
        route 0.0.0.0/0 {
            /* I filled this in, but this address is provided by DHCP; I can't use it as next-hop */
            next-hop 192.168.7.1;
            metric 5;
        }
    }
    rib-groups {
        default {
            import-rib [ inet.0 upc.inet.0 ];
        }
    }
}
firewall {
    family inet {
        filter iroda-input {
            term web-traffic {
                from {
                    source-address {
                        192.168.11.0/24;
                    }
                    destination-port [ http https ];
                }
                then {
                    routing-instance upc;
                }
            }
            term default {
                then accept;
            }
        }
    }
}
routing-instances {
    upc {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 89.133.214.30;
            }
        }
    }
}
04-09-2010 05:19 AM
Please help me!
04-09-2010 05:55 AM
You should apply the filter to the interface (in your case, the trust interface):
set interfaces fe-0/0/0 unit 0 family inet filter input ( your filter name )
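An offline check for the mistake resolved in this thread, added here as an example and not posted by any participant: it flags a firewall filter that forwards to a routing instance but is never applied as an input filter on an interface, or that names an undefined instance. It assumes brace-style configuration text with the `filter { input NAME; }` form; `statements`, `check_fbf` and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the thread's filter and routing instance, with the trust
# interface as it was before the fix (filter defined but not applied).
CONFIG = """
interfaces { fe-0/0/0 { unit 0 { family inet { address 192.168.11.1/24; } } } }
firewall { family inet { filter iroda-input {
    term web-traffic { from { destination-port [ http https ]; }
                       then { routing-instance upc; } }
    term default { then accept; }
} } }
routing-instances { upc { instance-type forwarding; } }
"""
FIXED = CONFIG.replace("address", "filter { input iroda-input; } address")

def statements(text):
    """Flatten brace-style Junos config into (path, statement) pairs."""
    out, path, words = [], [], []
    for tok in re.findall(r"\[[^\]]*\]|[{};]|[^\s{};]+", text):
        if tok not in ("{", "}", ";"):
            words.append(tok)
            continue
        if tok == "{":
            path.append(" ".join(words))      # descend into a new stanza
        elif tok == ";":
            out.append((tuple(path), " ".join(words)))
        else:
            path.pop()                        # "}" closes the current stanza
        words = []
    return out

def check_fbf(text):
    """List problems with firewall filters that hand packets to a routing instance."""
    stmts = statements(text)
    applied = {s.split()[1] for p, s in stmts if p[:1] == ("interfaces",)
               and p[-1:] == ("filter",) and s.startswith("input ")}
    problems = []
    for p, s in stmts:
        m = re.search(r"(?:^|then )routing-instance (\S+)$", s)
        if p[:1] != ("firewall",) or not m:
            continue
        fname = next(k.split()[1] for k in p if k.startswith("filter "))
        if not any(q[:2] == ("routing-instances", m[1]) for q, _ in stmts):
            problems.append(f"{fname}: routing instance {m[1]} is not defined")
        if fname not in applied:
            problems.append(f"{fname}: not applied as an input filter on any interface")
    return problems
```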
04-09-2010 06:15 AM
Thank you, SSHSSH!
I forgot it.
Now it works.
My next problem is: if I cut the route (unplug the cable) defined by the FBF, the packets will be dropped. How can I provide fault tolerance?
12-07-2011 02:49 AM