SRX

Hello,

I am working with Juniper SRX for the first time, so please bare with me

Questions I have:

If I have 2 logical interfaces setup on the same physical interface is that possible to assign them to the different zones?

Like this: one would go to trust and the other one to untrust zone?

When I: set routing-options static route 0.0.0.0/0 next-hop x.x.x.3
Is this like a global routing settings for SRX which will be applicable to all ports?

So any device plugged into the physical ports on SRX will follow this routing rule?

I know I can setup DHCP pool for VLANs, but what if I don't want DHCP pool assigment?

Would this be enough? Will this work?

set unit 0 family ethernet-switching vlan members Medical

set interface vlan unit 5 family inet address 10.1.0.50/24
set vlan Medical l3-interface vlan.5

SRX connected to Cisco layer3 switch via trunk with matching VLAN on it. (Cisco has VLAN 5 with network address 10.1.0.0/24)

Regards,

Ron

Yes, logical interfaces are different devices and can be assigned to different security-zones.  ge-0/0/0.0 and ge-0/0/0.1 are two different interfaces that can each be in different security-zones.

set routing-options static route 0.0.0.0/0 next-hop x.x.x.3

This sets a default gateway for the SRX.  So any traffic entering the SRX for which there is no specific destination for will use this route to forward traffic. 

set unit 0 family ethernet-switching vlan members Medical

set interface vlan unit 5 family inet address 10.1.0.50/24
set vlan Medical l3-interface vlan.5

This creates a VLAN with a layer 3 interface IP associated with it. Those commands are the correct commands to create a static IP associated with the VLAN.  Anything plugged in on a switch, or trunked into a port that has the correct VLAN tag will be able to communicate with that IP.

Thank you for confirming it, gsweet!