Hi Fred,
You can configure VLAN tagging on the SRX reth interface (trust port).
E.g.:
reth1 {
    vlan-tagging;
    redundant-ether-options {
        redundancy-group 1;
    }
    unit 10 {
        vlan-id 10;
        family inet {
            address 192.168.10.1/24;
        }
    }
    unit 20 {
        vlan-id 20;
        family inet {
            address 192.168.20.1/24;
        }
    }
    unit 30 {
        vlan-id 30;
        family inet {
            address 192.168.30.1/24;
        }
    }
}
You can create custom security zones called LAN, WAN, etc.
set security zones security-zone WAN interfaces reth0 host-inbound-traffic system-services all
set security zones security-zone WAN interfaces reth0 host-inbound-traffic protocols all
set security zones security-zone LAN-10 interfaces reth1.10 host-inbound-traffic system-services all
set security zones security-zone LAN-10 interfaces reth1.10 host-inbound-traffic protocols all
set security zones security-zone LAN-20 interfaces reth1.20 host-inbound-traffic system-services all
set security zones security-zone LAN-20 interfaces reth1.20 host-inbound-traffic protocols all
set security zones security-zone LAN-30 interfaces reth1.30 host-inbound-traffic system-services all
set security zones security-zone LAN-30 interfaces reth1.30 host-inbound-traffic protocols all
Now you can create security policies between LAN-10 and LAN-20, etc., as well as between LAN-10 and WAN.
You can also put all the sub-interfaces reth1.10, reth1.20 and reth1.30 in one security zone called LAN.
Regards
rparthi
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too
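The inter-zone policies the reply mentions, as an added example that is not part of rparthi's post: it permits only HTTPS from LAN-10 to LAN-20, allows LAN-10 out to WAN, and shows a narrower host-inbound-traffic setting to use in place of `all`, since `all` on the WAN zone lets the firewall answer management services such as SSH and web management from the untrusted side. The policy names, address-book names, and the choice of HTTPS, ping and SSH are assumptions for illustration.

```junos
# Added example. Policy and address-book names are hypothetical.

# Address-book entries for the subnets configured on reth1.10 and reth1.20.
set security address-book global address lan10-net 192.168.10.0/24
set security address-book global address lan20-net 192.168.20.0/24

# LAN-10 -> LAN-20: permit only HTTPS (assumed requirement) and log session setup.
set security policies from-zone LAN-10 to-zone LAN-20 policy lan10-to-lan20-https match source-address lan10-net
set security policies from-zone LAN-10 to-zone LAN-20 policy lan10-to-lan20-https match destination-address lan20-net
set security policies from-zone LAN-10 to-zone LAN-20 policy lan10-to-lan20-https match application junos-https
set security policies from-zone LAN-10 to-zone LAN-20 policy lan10-to-lan20-https then permit
set security policies from-zone LAN-10 to-zone LAN-20 policy lan10-to-lan20-https then log session-init

# LAN-10 -> WAN: outbound traffic sourced from the LAN-10 subnet only.
set security policies from-zone LAN-10 to-zone WAN policy lan10-to-wan match source-address lan10-net
set security policies from-zone LAN-10 to-zone WAN policy lan10-to-wan match destination-address any
set security policies from-zone LAN-10 to-zone WAN policy lan10-to-wan match application any
set security policies from-zone LAN-10 to-zone WAN policy lan10-to-wan then permit

# Anything without a matching policy (for example LAN-20 -> LAN-10) is dropped.
set security policies default-policy deny-all

# Host-inbound traffic: use these in place of the "all" lines, not alongside them.
# WAN answers ping only; LAN-10 additionally allows SSH management of the SRX.
set security zones security-zone WAN interfaces reth0 host-inbound-traffic system-services ping
set security zones security-zone LAN-10 interfaces reth1.10 host-inbound-traffic system-services ping
set security zones security-zone LAN-10 interfaces reth1.10 host-inbound-traffic system-services ssh
```

If all three sub-interfaces are placed in a single LAN zone instead, traffic between the VLANs is intra-zone and needs its own `from-zone LAN to-zone LAN` policy to be permitted or restricted.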