SRX Services Gateway
Visitor
Posts: 3
Registered: ‎06-05-2017
0 Kudos

SRX specific web traffic to appliance

Looking for a way to direct all web traffic (http/https) destined for address proxy.company.com to get directed to a web appliance.  Again only looking for traffic destined for proxy.company.com to get directed to the appliance.  I'm guessing this can be done with possibly NAT, firewall rule, and possibly a routing instance.  Was thinking the NAT rule below or similar would be needed, but unsure about routing instance.

 

set security nat source rule-set web-traffic-rule from zone trust1
set security nat source rule-set web-traffic-rule to zone trust2
set security nat source rule-set web-traffic-rule rule internet-access match zone trust1
set security nat source rule-set web-traffic-rule rule internet-access match destination-address proxy.company.com
set security nat source rule-set web-traffic-rule rule internet-access match destination-port 443
set security nat source rule-set web-traffic-rule rule internet-access match destination-port 80
set security nat source rule-set web-traffic-rule rule internet-access then source-nat interface

 

Any help would be greatly appreciated.

 

 

 

Distinguished Expert
Posts: 5,119
Registered: ‎03-30-2009
0 Kudos

Re: SRX specific web traffic to appliance

The feature you need for this is called Filter Based Forwarding, also known as policy based routing.  With FBF you check the traffic for whatever criteria you want and then route the traffic based on the rule.

 

In your case you will look for certain destination ports and forward to a specific address.

 

This is a configuration example you can use and modify for your specific ports and addresses.

 

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/filter-based-forwarding-policy-ba...

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV
JNCDA JNCDS-DC JNCDS-SEC
JNCIS-SP
ACE PanOS 6 ACE PanOS 7
http://puluka.com/home
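
An added example, not part of the reply above or of the linked Juniper document, showing the filter-based forwarding pieces the reply describes applied to this question. The interface ge-0/0/1, the names to-appliance, fbf-group and web-to-appliance, and the addresses 198.51.100.20 (standing in for the IP of proxy.company.com) and 192.0.2.10 (standing in for the appliance) are placeholder assumptions.

```junos
# Forwarding instance whose only job is to hand matched traffic to the appliance
# (192.0.2.10 is a placeholder for the appliance address)
set routing-instances to-appliance instance-type forwarding
set routing-instances to-appliance routing-options static route 0.0.0.0/0 next-hop 192.0.2.10

# Copy directly connected interface routes into the instance so the next hop resolves
set routing-options rib-groups fbf-group import-rib [ inet.0 to-appliance.inet.0 ]
set routing-options interface-routes rib-group inet fbf-group

# Match only TCP 80/443 toward the proxy address and send it to the instance
# (198.51.100.20/32 is a placeholder for the address proxy.company.com resolves to)
set firewall family inet filter web-to-appliance term proxy-web from destination-address 198.51.100.20/32
set firewall family inet filter web-to-appliance term proxy-web from protocol tcp
set firewall family inet filter web-to-appliance term proxy-web from destination-port [ 80 443 ]
set firewall family inet filter web-to-appliance term proxy-web then routing-instance to-appliance

# Everything else keeps using the normal routing table
set firewall family inet filter web-to-appliance term everything-else then accept

# Apply the filter inbound on the client-facing interface (placeholder interface name)
set interfaces ge-0/0/1 unit 0 family inet filter input web-to-appliance
```

The filter matches on an IP prefix, not a hostname, so it needs the address that proxy.company.com resolves to. The redirected flow still goes through zone policy, so a security policy from the ingress zone to the zone holding the appliance-facing interface has to permit it.
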
Distinguished Expert
Posts: 1,945
Registered: ‎06-06-2011
0 Kudos

Re: SRX specific web traffic to appliance

What if you created a DNS entry for that domain on your DNS server, would that not work? I suppose this is an internal Web Server? And then your internal Zone to zone policies should allow access?

[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]