SRX Services Gateway
Highlighted
SRX Services Gateway

Adding IRB interfaces to a security zone

[ Edited ]
‎11-12-2019 04:10 AM

Currently we are using a number of SRX550s running 12.1X47-D40.1 and use the vlan interface in a security zone:

 

set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members VLAN1

set interfaces vlan unit 1 family inet address 192.168.0.1/24

set security zones security-zone VLAN1 interfaces vlan.1

 

This works fine and we can use the security zone in policies, routing traffic from the vlan to L3 interfaces.

 

However when we try the same configuration on an SRX4100 running 15.1X49-D190 we are forced to use irb interfaces in place of vlan, and these cannot be added to a security zone, when we try the same configuration using irb in place of vlan we get a message similar to:

 

'irb interfaces cannot be addded to security zone in mixed mode'

 

How do we mimic the previous functionality of the vlan interface in security zones?

 

Many Thanks

 

 

 

 

3 REPLIES 3
Highlighted
SRX Services Gateway

Re: Adding IRB interfaces to a security zone

‎11-12-2019 04:41 AM

Ethernet Switching is not supported on High end platforms like SRX4K (4100/4200/4600)  and SRX5K series. You may use family inet and configure sub interface for each vlan.

 

Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Highlighted
SRX Services Gateway

Re: Adding IRB interfaces to a security zone

‎11-13-2019 01:37 AM

Many thanks for the quick response. Is this functionality available with newer branch devices? We often have to connect a single SRX to two seperate switches, so we use a VLAN for redundancy.

SRX Services Gateway

Re: Adding IRB interfaces to a security zone

‎11-13-2019 01:57 AM

Yes, it is supported on newer branch models. Please refer the following URL for details: 

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/ethernet-port-switching-modes.htm...

 

 

Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!