Hi everybody
Please consider the following example:
Case 1:
PC--199.199.199.10-----199.199.199.1 F1 SRX
F1: Zone A, host inbound ssh
Lo0:0 1.1.1.1, Zone B, host inbound ssh
I observed the following:
1) In order for the PC to be able to SSH in using lo0 (1.1.1.1), we need to define a policy to allow such traffic. Even though this is not transit traffic, as it is destined to the SRX, the PC is not able to SSH using lo0 unless we have a policy to allow SSH traffic.
Is it expected behavior?
Case 2:
PC--199.199.199.10-----199.199.199.1 F1 SRX
F1: Zone A, host inbound ssh
Lo0:0 1.1.1.1, management zone (functional zone), host inbound ssh
We cannot use the management zone in security policies. Should we still be able to SSH into the SRX using 1.1.1.1 from the PC?
I understand the whole point of using the management zone is to use a physical port for MGMT access, as the branch SRX does not have a dedicated MGMT port.
Appreciated and have a good day!!