SRX Services Gateway
Highlighted
SRX Services Gateway

[Help] Disable Allowed host-inbound traffic

‎06-05-2018 09:15 PM

Can someone help me to disable telnet ssg http from accessing in public.

Seeing alot of connections connected to my SRX. I wanted to blocked those.

showsystem.png

 

 

Disable Allowed host-inbound traffic.png

2 REPLIES 2
Highlighted
SRX Services Gateway

Re: [Help] Disable Allowed host-inbound traffic

‎06-05-2018 09:21 PM
Best option is to put a firewall filter to allow conections only from trusted IPs.

https://www.juniper.net/documentation/en_US/junos/topics/example/routing-stateless-firewall-filter-s...
Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
Highlighted
SRX Services Gateway

Re: [Help] Disable Allowed host-inbound traffic

‎06-05-2018 10:18 PM

Hi,

The connectiones you marked are used for internal communications in SRX. Those connectiones are not coming from Public/Outside.

To restrict host inbound traffic from "WAN" Zone, you have to modify the WAN host inbound traffic configuration.

Delete the config and re-configure as per your reuquirement:

delete security zones security-zone WAN host-inbound-traffic system-services

(If the host-inbound-traffic is configured under interface ge-0/0/0 level, you have to remove it from interface level also)
set security zones security-zone WAN host-inbound-traffic system-services ping

 

 

Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Feedback