SRX

Hi,

Will be installing Juniper Security Director soon and wanted to know what TCP/UDP ports are required to make it integrate with SRX firewalls?

Do I need to add a rule on the SRX so it comes from the relevant zone to the Junos-host in the policy base?

Thanks
#SRX
#director
#security

In general Security Director relies on the ports needed for Junos Space. The required ports are listed in https://kb.juniper.net/InfoCenter/index?page=content&id=kb18148

 

In summary only ssh from Space/SD towards the SRX gateways is needed. SD does netconf via ssh.

Ping and snmp-read (udp/161) are optional but nice to have available.

 

 

Thanks,

Just to clarify; do I need the rule to be from the zone SD sits in towards the Junos-host zone on each SRX?

In general your assumption is correct... but it depends on your setup.

 

It could also be that you only allow ssh as host-inbound-service system-services on the relevant zone/interface and then have a RE protection firewall filter to handle which IPs can access via ssh on this zone.

 

Alternative could also be a global policy which allows management across all zones to avoid doing multiple src-zoneX/Y/Z to junos-host policies (if ssh access is needed from multiple different zones)

 

Junos provides you many ways to accomplish the same goal 🙂

That’s great - thanks