SRX Services Gateway
Reply
Visitor
scorpiomnz
Posts: 5
Registered: ‎10-10-2011
0

Securing the SRX

I am using SRX240 for a trial. The box is only going to be used as a ADSL router. I want to secure the box from the outside world. I have attached my config for that box and was wondering what else should i change or add on the box to stop any rogue access into the box.

 

Thanks.

Super Contributor
cryptochrome
Posts: 498
Registered: ‎03-29-2008
0

Re: Securing the SRX

It actually looks ok to me already. Except mabye for the TFTP allowed in the untrust zone (you really need this?).

Other than that, your box seems pretty much closed down, no access should be possible from outside/untrust.
Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
Contributor
AidanOS
Posts: 47
Registered: ‎09-27-2009
0

Re: Securing the SRX

Neither tftp or dhcp should be necessary on the WAN interface unless you have a very customized setup running.  Both are server services and are not required for the device to acquire an address via DHCP.

Contributor
pioterbrat
Posts: 35
Registered: ‎02-12-2010
0

Re: Securing the SRX

[ Edited ]

Hello,

 

If you want to have external access to mgmt, you should create firewall filter and then attach it to yours lo0

 

Regards,

Piotr Bratkowski

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.