SRX Services Gateway
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
scorpiomnz
Visitor
scorpiomnz
Posts: 5
Registered: ‎10-10-2011
0

Securing the SRX

Options

‎11-01-2011 10:42 AM

I am using SRX240 for a trial. The box is only going to be used as a ADSL router. I want to secure the box from the outside world. I have attached my config for that box and was wondering what else should i change or add on the box to stop any rogue access into the box.

 

Thanks.

Attachment workingconfigv0.4TRIAL.txt ‏8 KB
Message 1 of 4 (236 Views)
 
Reply
Super Contributor
cryptochrome
Posts: 475
Registered: ‎03-29-2008
0

Re: Securing the SRX

Options

‎11-01-2011 11:08 AM

It actually looks ok to me already. Except mabye for the TFTP allowed in the untrust zone (you really need this?).

Other than that, your box seems pretty much closed down, no access should be possible from outside/untrust.
Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
Message 2 of 4 (235 Views)
 
Reply
AidanOS
Contributor
AidanOS
Posts: 47
Registered: ‎09-27-2009
0

Re: Securing the SRX

Options

‎11-02-2011 04:07 AM

Neither tftp or dhcp should be necessary on the WAN interface unless you have a very customized setup running.  Both are server services and are not required for the device to acquire an address via DHCP.

Message 3 of 4 (202 Views)
 
Reply
pioterbrat
Contributor
pioterbrat
Posts: 35
Registered: ‎02-12-2010
0

Re: Securing the SRX

[ Edited ]
Options

‎11-03-2011 09:28 AM - edited ‎11-03-2011 09:29 AM

Hello,

 

If you want to have external access to mgmt, you should create firewall filter and then attach it to yours lo0

 

Regards,

Piotr Bratkowski

Message 4 of 4 (171 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.