SRX Services Gateway
Visitor
Posts: 10
Registered: ‎02-28-2017
0 Kudos

SRX550 FIREWALL POLICY

Hello Guys,

We have a deny-all policy. Based on internal customer requests, ports are opened for applications from trust to untrust, and in some cases to specific destination IPs sourcing our internal subnet. The issue is that attempts to open additional ports no longer work using the same configuration which worked previously.

Distinguished Expert
Posts: 5,122
Registered: ‎03-30-2009
0 Kudos

Re: SRX550 FIREWALL POLICY

Things to look for are the order of the policies to make sure the traffic will select the correct one.

Add logging to the policies to confirm which traffic is on which policy.

During the event testing you can look for the live session:

show security flow session source-prefix 1.1.1.1/32 destination-prefix 2.2.2.2/32

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV
JNCDA JNCDS-DC JNCDS-SEC
JNCIS-SP
ACE PanOS 6 ACE PanOS 7
http://puluka.com/home
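
The checks suggested in the reply above, written out as a Junos CLI sequence; this is an added example, not part of the original post. The policy names ALLOW-APP-NEW and DENY-ALL and the port 8443 are hypothetical, the addresses are the placeholders used in the reply, and it assumes the new permit was appended below the deny-all, which is where Junos places a newly created policy.

```junos
# Operational mode: list the policies in evaluation order (first match wins).
show security policies from-zone trust to-zone untrust

# Ask the device which policy a specific flow would select.
# Ports and protocol here are constructed sample values.
show security match-policies from-zone trust to-zone untrust source-ip 1.1.1.1 destination-ip 2.2.2.2 source-port 1024 destination-port 8443 protocol tcp

# Configuration mode: log on both the new permit and the deny-all,
# so the logs show which policy the test traffic actually hits.
configure
set security policies from-zone trust to-zone untrust policy ALLOW-APP-NEW then log session-init
set security policies from-zone trust to-zone untrust policy ALLOW-APP-NEW then log session-close
set security policies from-zone trust to-zone untrust policy DENY-ALL then log session-init

# If ALLOW-APP-NEW is listed after DENY-ALL it is never evaluated.
# Move it above the deny-all instead of deleting and re-adding it.
insert security policies from-zone trust to-zone untrust policy ALLOW-APP-NEW before policy DENY-ALL

# Review the change, validate, and commit.
show | compare
commit check
commit
exit

# Retest from the client and confirm a session is created.
show security flow session source-prefix 1.1.1.1/32 destination-prefix 2.2.2.2/32
```

The policy log entries only appear if a syslog destination for the traffic logs is configured on the device.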
Recognized Expert
Posts: 200
Registered: ‎04-03-2015
0 Kudos

Re: SRX550 FIREWALL POLICY

Hi,

Please share your security policy configuration and specify which policy is not working.

I will take a look at it.

Regards,

Sahil Sharma
---------------------------------------------------
Please mark my solution as accepted if it helped, Kudos are appreciated as well.