Hi,
Can someone please explain to me what a Junos-host zone is used for? I'm very new to security and I'm preparing for JNCIS-SEC. I do have the fast track PDFs with me.
It says:
The Junos-host zone is a system-defined zone. You can configure the junos-host zone in a security policy to provide granular control for which host-inbound or host-outbound traffic is allowed in or out of a security zone on the SRX device.
Functional zones, such as the management zone, cannot be used in a security policy. For inbound traffic to be processed by the junos-host zone, the traffic has first to be allowed by the host-inbound-traffic setting of an ingress security zone, after which a normal policy lookup will be done from the ingress zone to the junos-host zone. You can also use the junos-host zone to control or apply services to host outbound traffic. An example of controlling services to host-outbound traffic would be to configure a security policy to allow host-outbound traffic through a policy-based VPN. Traffic is permitted through the junos-host zone unless otherwise explicitly denied by a user-defined security policy.
So, there are 2 system-defined zones - the Null zone and the Junos-host zone.
Security zones are the ones used to control transit traffic
Functional zones for management traffic
The Null zone is the default zone and all traffic for the interfaces in the Null zone is dropped.
I understand security zones, functional zones and null zones. Where does the Junos-host zone come in? Can one of you please explain to me why exactly we use the Junos-host zone, and where it comes into use?
Any help is much appreciated!
Thanks,
Pradeep
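
The two-stage check the quoted study-guide text describes (host-inbound-traffic on the ingress zone first, then a policy lookup from that zone to junos-host), as an added configuration example that is not part of the original post or the study guide. The zone name trust, the interface ge-0/0/1.0, the address name mgmt-net, the 192.0.2.0/24 prefix and the policy names are assumptions chosen for illustration.

```junos
# Constructed example: zone, interface, address and policy names are assumptions.

# Stage 1: the ingress security zone must accept the service at all.
# Without this, SSH to the device is dropped before any policy lookup.
set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone trust host-inbound-traffic system-services ssh

# Hosts allowed to manage the device (192.0.2.0/24 is a documentation prefix).
set security address-book global address mgmt-net 192.0.2.0/24

# Stage 2: policy lookup from the ingress zone to junos-host.
# Permit SSH to the device only from the management hosts.
set security policies from-zone trust to-zone junos-host policy allow-mgmt-ssh match source-address mgmt-net
set security policies from-zone trust to-zone junos-host policy allow-mgmt-ssh match destination-address any
set security policies from-zone trust to-zone junos-host policy allow-mgmt-ssh match application junos-ssh
set security policies from-zone trust to-zone junos-host policy allow-mgmt-ssh then permit

# Explicit deny for SSH from every other source in the zone, since the quoted
# text says junos-host traffic is permitted unless a policy denies it.
set security policies from-zone trust to-zone junos-host policy deny-other-ssh match source-address any
set security policies from-zone trust to-zone junos-host policy deny-other-ssh match destination-address any
set security policies from-zone trust to-zone junos-host policy deny-other-ssh match application junos-ssh
set security policies from-zone trust to-zone junos-host policy deny-other-ssh then deny
set security policies from-zone trust to-zone junos-host policy deny-other-ssh then log session-init
```

After commit, `show security policies from-zone trust to-zone junos-host` lists the two policies in the order they are evaluated.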