Thank you! Here it is
root@SRX-1# run show route
inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 03:50:30
> to 148.22.100.1 via ge-0/0/1.0
148.22.100.0/28 *[Direct/0] 03:50:30
> via ge-0/0/1.0
148.22.100.2/32 *[Local/0] 03:50:32
Local via ge-0/0/1.0
192.168.100.1/32 *[Local/0] 03:15:05
Reject
[edit]
root@SRX-1# run ping 148.22.100.1 source 148.22.100.2
PING 148.22.100.1 (148.22.100.1): 56 data bytes
^C
--- 148.22.100.1 ping statistics ---
10 packets transmitted, 0 packets received, 100% packet loss
[edit]
root@SRX-1#
Also, from SRX-2
root@SRX-2# run show route
inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
146.22.56.0/28 *[Direct/0] 03:50:27
> via ge-0/0/5.0
146.22.56.1/32 *[Local/0] 03:50:28
Local via ge-0/0/5.0
148.22.100.0/28 *[Direct/0] 03:50:27
> via ge-0/0/1.0
148.22.100.1/32 *[Local/0] 03:50:28
Local via ge-0/0/1.0
[edit]
root@SRX-2# show security zones security-zone ?
Possible completions:
<name> Name of the zone
INSIDE Name of the zone
INTERNET Name of the zone
Public-Edge Name of the zone
trust Name of the zone
untrust Name of the zone
[edit]
root@SRX-2# show security zones
security-zone trust {
tcp-rst;
host-inbound-traffic {
system-services {
all;
}
}
interfaces {
ge-0/0/1.0;
}
}
security-zone untrust {
screen untrust-screen;
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
http;
https;
ssh;
telnet;
dhcp;
}
}
}
}
}
security-zone Public-Edge;
security-zone INTERNET {
host-inbound-traffic {
system-services {
ssh;
telnet;
ping;
all;
}
}
}
security-zone INSIDE {
host-inbound-traffic {
system-services {
all;
}
}
}
[edit]
root@SRX-2# show security policies
from-zone trust to-zone trust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone untrust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone untrust to-zone trust {
policy default-deny {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
}
}
}
[edit]
root@SRX-2#