Thank you steve puluka, you are great.I have watched few of your videos on youtube and it was very good.
Moving forward from here, can you please please advise me on what design I should follow and what i prefer layer 2 transparent with irb interface or layer 3 assigning IP addresses to both srx interfaces??
actually the customer changed its requirement and its making hard for me..current old design only had trust and all servers in same trust zone So on new SSG i just had to create untrust and trust zone and connect my srx as IPS(in layer 3)
1) Untrust(public address)-->SSG -->Trust(private add) ----> Untrust(priavte)--SRX --Trust(private) ------>>Core switch
so in this above design i assigned priavte addresses and make two subnets...one between SSG trust -->Untrust SRX
and one for SRX Trust -->> core switch
but now customer saying needs DMZ also in SSG so if i pass both trust zone and dmz traffic through SRX i need to place SRX on facing internet like below scnerario 2,
2) Untrust(public address) -->SRX-->Trust(private)---->>>Untrust(private)--SSG--Trust and DMZ(private)----->> Core Switch
So in second design only the SRX untrust in public and still 2 subnets private one in srx trust and ssg untrust and other in ssg trust and core switch.
Could you please advise if I go for second design??? and if i go for second design its best to use SRX as layer 3 assigning IP addresses on its interfaces or go for the irb interface as you mentioned, i never created IRB interface so i dont know which option will be easy 🙂
Pleaase I wait for your reply.