lo0 filter friendly for UTM

ttl_expired · ‎11-11-2008

Hi All,

Does anyone know what exception should be created in order to have a filter on lo0 ( For security and managment access) and still have the UTM get all its updates and jazz.

Here is my current filter on lo0 that kills all UTM functions

Family inet

filter conf-services

term routing

from

protocol ospf

then

accept

term admin-allow

from

source-prefix-list permited-IP's

then

accept

term everythingelse

then

discard

Thanks!

oldtimer · ‎11-06-2007

Is this with multiple or single routing instances? And is this in a cluster? If the destination UTM server is not in the default routing instance, that may be part of the problem.

ttl_expired · ‎11-11-2008

single box, single routing instance.

mawr · ‎06-11-2010

You'll have to allow 9020 UDP for Surf Control Integrated. I'm not sure about the other services though.

tbehrens · ‎04-30-2010

You have a few ways to handle this.

One of the easiest is to change your last term to an "accept all" instead of "deny all", and have two terms before it: ssh and https accept from certain source IPs; ssh and https deny from all; followed by allow all. This avoids needing to know each port you need to open up. It also means you'd trust the SRX to be secure.

If you do want to explicitly allow, you could remove the filter, run a monitor traffic, run UTM updates, then go through the capture file to see what protocols are being used.

lo0 filter friendly for UTM

Re: lo0 filter friendly for UTM

Re: lo0 filter friendly for UTM

Re: lo0 filter friendly for UTM

Re: lo0 filter friendly for UTM