SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX has security policy and a firewall filter matching the same traffic?

    Posted 12-15-2014 15:31

    Which way will the SRX choose to filter traffic?

    Also, if firewall filters are stateless, if I want to enable traffic between 2 zones, does it mean I have to apply two firewall filters, one in each direction (interface), in order to pass traffic?

     

    Thanks in advance



  • 2.  RE: SRX has security policy and a firewall filter matching the same traffic?

    Posted 12-15-2014 21:59

    Hi Wall-ED,

     

    SRX will allow traffic between 2 zones if it has the allow security policy.

     

    If you have a requirement to filter some traffic, then you need to apply it to the source or destination interface in either input or output direction.

     

    The stateless filter will be applied first and then the security policies.

    Regards,
    rparthi

     




  • 3.  RE: SRX has security policy and a firewall filter matching the same traffic?
    Best Answer

    Posted 12-15-2014 22:15

    If the SRX is in flow mode, then filtering is as follows:

    Without policies to allow traffic, there is no communication between Zone1 and Zone2.

    If policies are created matching source Zone1 to Zone2, then bi-directional communication is allowed for traffic initiated from Zone1 to Zone2. No communication from Zone2 to Zone1. You must create a policy to match source Zone2 destination Zone1 to allow bi-directional communication initiated from both zones.

    If running in packet mode, then treat it as a regular router. The flow module is bypassed and traffic is routed between all interfaces. You would need to create filters and apply them in both input and output directions on the desired interfaces.
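
The flow-mode behaviour described in this thread, as an added configuration sketch that is not part of any post: the stateless filter on the ingress interface is evaluated first, then the zone-to-zone security policy. The interface names, zone membership, filter name, policy names and the choice of TCP port 23 are assumptions chosen for illustration.

```junos
# Assumed layout: ge-0/0/1.0 belongs to Zone1, ge-0/0/2.0 belongs to Zone2.
set security zones security-zone Zone1 interfaces ge-0/0/1.0
set security zones security-zone Zone2 interfaces ge-0/0/2.0

# Stateless firewall filter (hypothetical name DROP-TELNET-IN).
# It is evaluated per packet on ingress, before the security policy lookup.
set firewall family inet filter DROP-TELNET-IN term no-telnet from protocol tcp
set firewall family inet filter DROP-TELNET-IN term no-telnet from destination-port 23
set firewall family inet filter DROP-TELNET-IN term no-telnet then discard
# A filter ends in an implicit discard, so accept everything else explicitly.
set firewall family inet filter DROP-TELNET-IN term everything-else then accept

# Apply the filter to packets arriving on the Zone1 interface.
# Being stateless, it sees every packet on this interface in this direction,
# including return packets of sessions that were initiated from Zone2.
set interfaces ge-0/0/1 unit 0 family inet filter input DROP-TELNET-IN

# Security policy Zone1 -> Zone2: permits sessions initiated from Zone1.
# Return traffic for those sessions is allowed by the session, not by a policy.
set security policies from-zone Zone1 to-zone Zone2 policy z1-to-z2 match source-address any
set security policies from-zone Zone1 to-zone Zone2 policy z1-to-z2 match destination-address any
set security policies from-zone Zone1 to-zone Zone2 policy z1-to-z2 match application any
set security policies from-zone Zone1 to-zone Zone2 policy z1-to-z2 then permit

# Security policy Zone2 -> Zone1: needed only if Zone2 must also initiate sessions.
set security policies from-zone Zone2 to-zone Zone1 policy z2-to-z1 match source-address any
set security policies from-zone Zone2 to-zone Zone1 policy z2-to-z1 match destination-address any
set security policies from-zone Zone2 to-zone Zone1 policy z2-to-z1 match application any
set security policies from-zone Zone2 to-zone Zone1 policy z2-to-z1 then permit
```

With this configuration, TCP port 23 traffic entering on ge-0/0/1 is discarded by the filter even though policy z1-to-z2 permits any application, because the packet never reaches the policy lookup.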