SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Junos-host zone clarification.

    Posted 03-30-2015 05:57

    Can someone explain to me the difference between the Junos-host zone and allowing system services on an interface? Or are they one and the same?



  • 2.  RE: Junos-host zone clarification.
    Best Answer

     
    Posted 03-30-2015 06:10

    Hi aaron9615,

     

    Junos-host zone can be used to add an additional check for traffic destined to SRX. If you don't configure any security policy to-zone junos-host, the traffic/packet will be validated based on host-inbound-traffic configured under security zones. If you configure a security policy to-zone junos-host, that policy check will be done in addition to host-inbound-traffic/services specified under zones.

     

    For example, if you allow SSH/Telnet/OSPF under interface ge-0/0/0.0, but configure a security policy to-zone junos-host allowing SSH, then Telnet/OSPF won't work. Only SSH will work.

     

    The links below can provide some more details.

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB24227

    http://forums.juniper.net/t5/SRX-Services-Gateway/JUNOS-HOST-zone-vs-lo0-filter/td-p/146916
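
The scenario from the reply above written out as Junos set commands. This is an added example, not part of the original thread; the zone name `untrust` and the policy names `allow-ssh` and `deny-rest` are assumptions, and the explicit logged deny goes beyond what the reply describes so that rejected host-bound traffic shows up in the session logs.

```junos
# First check: services allowed on the interface via host-inbound-traffic
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services telnet
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic protocols ospf

# Second check: once any policy to-zone junos-host exists for this from-zone,
# traffic destined to the SRX must also match a permit here
set security policies from-zone untrust to-zone junos-host policy allow-ssh match source-address any
set security policies from-zone untrust to-zone junos-host policy allow-ssh match destination-address any
set security policies from-zone untrust to-zone junos-host policy allow-ssh match application junos-ssh
set security policies from-zone untrust to-zone junos-host policy allow-ssh then permit

# Explicit deny with logging, so Telnet/OSPF attempts that pass the
# host-inbound-traffic check but fail the policy check are recorded
set security policies from-zone untrust to-zone junos-host policy deny-rest match source-address any
set security policies from-zone untrust to-zone junos-host policy deny-rest match destination-address any
set security policies from-zone untrust to-zone junos-host policy deny-rest match application any
set security policies from-zone untrust to-zone junos-host policy deny-rest then deny
set security policies from-zone untrust to-zone junos-host policy deny-rest then log session-init

# After commit, review the result from operational mode with:
#   show security policies from-zone untrust to-zone junos-host
```

With this committed, only SSH to the device on ge-0/0/0.0 passes both checks. Removing a service from host-inbound-traffic still blocks it even if the junos-host policy would permit it, since both checks apply.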



  • 3.  RE: Junos-host zone clarification.

    Posted 03-30-2015 06:29

    Thank you for the very clear definition; that is exactly what I was looking for. rsuraj, I would really like to thank you personally though, you have been extremely helpful with helping me navigate various Junos questions.

     

    Aaron