SRX Services Gateway

Prevent client input IP address manually

‎11-15-2019 01:23 AM

Can I configure my SRX300 to prevent any client computer from inputting the IP address manually?

I tried to use IP address binding (MAC address mapped to IP); however, if a client inputs the IP address manually, they still access the untrust network.

How can I control the client computer's IP address on the SRX300? Or must it be done on the client side?

Thank you so much.

Best Regards

Matthew Ho


Re: Prevent client input IP address manually

‎11-16-2019 06:04 PM

Hi Matt,

Because configuring a static IP address is performed in the host itself, it could only be blocked/denied at the host side itself.

At the SRX you can force specific addresses to be assigned to specific hosts based on their MAC addresses when the SRX is acting as a DHCP server, but that's as far as you can go with manipulating the address assignment.

Hope this helps you and please mark my answer as "Solution" if it applies.


Re: Prevent client input IP address manually

‎11-17-2019 05:21 AM

The feature is not available on the SRX, but on EX switches you could enable source guard along with DHCP snooping to prevent such rogue configured devices from getting access to the network. If the MAC/IP combination is not valid in the DHCP table, the device is prevented from connecting on untrusted ports.

https://www.juniper.net/documentation/en_US/junos/topics/example/port-security-protect-from-spoofing...

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
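
The check described in the second reply (DHCP snooping feeding IP source guard), sketched as a small Python model to show why a manually configured address is dropped on an untrusted port. This is an added example, not part of the thread and not Juniper code or configuration; the class, port names, MAC addresses and IP addresses are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str


class SourceGuardSwitch:
    """Toy model of DHCP snooping + IP source guard (hypothetical, not Junos)."""

    def __init__(self, trusted_ports):
        self.trusted_ports = set(trusted_ports)
        self.bindings = {}  # (vlan, mac) -> Binding learned from snooped DHCP ACKs

    def snoop_dhcp_ack(self, ingress_port, client_mac, client_port, vlan, leased_ip):
        # Only server replies seen on a trusted port may create a binding;
        # an ACK arriving on an untrusted port is ignored (rogue DHCP server).
        if ingress_port not in self.trusted_ports:
            return False
        mac = client_mac.lower()
        self.bindings[(vlan, mac)] = Binding(mac, leased_ip, vlan, client_port)
        return True

    def permit(self, port, vlan, src_mac, src_ip):
        # Trusted ports (uplinks, the DHCP server) are not filtered.
        if port in self.trusted_ports:
            return True
        # Untrusted ports: MAC, IP and port must all match a snooped lease.
        b = self.bindings.get((vlan, src_mac.lower()))
        return b is not None and b.ip == src_ip and b.port == port


def demo():
    sw = SourceGuardSwitch(trusted_ports={"ge-0/0/0"})  # uplink toward DHCP server
    sw.snoop_dhcp_ack("ge-0/0/0", "00:11:22:33:44:55", "ge-0/0/1", 10, "192.0.2.10")
    frames = [  # constructed sample traffic: (port, vlan, src_mac, src_ip)
        ("ge-0/0/1", 10, "00:11:22:33:44:55", "192.0.2.10"),  # leased address
        ("ge-0/0/1", 10, "00:11:22:33:44:55", "192.0.2.99"),  # same host, manual IP
        ("ge-0/0/2", 10, "66:77:88:99:aa:bb", "192.0.2.10"),  # no lease, borrowed IP
        ("ge-0/0/0", 10, "de:ad:be:ef:00:01", "192.0.2.1"),   # trusted uplink
    ]
    return [sw.permit(*f) for f in frames]


if __name__ == "__main__":
    print(demo())
```

A static MAC-to-IP reservation on the DHCP server only controls what address is offered; the filtering step in `permit` is what actually blocks a host that ignores the offer.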