SRX Services Gateway
Showing results for 
Search instead for 
Do you mean 
Reply
Highlighted
Visitor
Posts: 5
Registered: ‎10-10-2011
0 Kudos

Securing the SRX

I am using SRX240 for a trial. The box is only going to be used as a ADSL router. I want to secure the box from the outside world. I have attached my config for that box and was wondering what else should i change or add on the box to stop any rogue access into the box.

 

Thanks.

Super Contributor
Posts: 498
Registered: ‎03-29-2008
0 Kudos

Re: Securing the SRX

It actually looks ok to me already. Except mabye for the TFTP allowed in the untrust zone (you really need this?).

Other than that, your box seems pretty much closed down, no access should be possible from outside/untrust.
Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
Contributor
Posts: 47
Registered: ‎09-27-2009
0 Kudos

Re: Securing the SRX

Neither tftp or dhcp should be necessary on the WAN interface unless you have a very customized setup running.  Both are server services and are not required for the device to acquire an address via DHCP.

Contributor
Posts: 35
Registered: ‎02-12-2010
0 Kudos

Re: Securing the SRX

[ Edited ]

Hello,

 

If you want to have external access to mgmt, you should create firewall filter and then attach it to yours lo0

 

Regards,

Piotr Bratkowski