SRX Services Gateway

SRX240 Configuration Help

‎07-05-2016 07:58 AM

I'm new to firewalls in general, so I'm having difficulties figuring this thing out. So basically I've worked on this firewall for about a week and I'm unsure where to start. So basically we will be using 14 total interfaces with 14 zones, I do believe. Zone 1 is our lab, and the other 13 zones or interfaces are coming in from multiple points across the US. Zone 1 has to allow traffic from the other 13 zones, but the 13 zones don't have to talk between one another. We are using this firewall just to filter the traffic that comes in, with a switch behind it. So my question is: where do I start to allow for this? The whole address book and firewall policies on J-Web is just confusing, and like I said, I've never configured a firewall, much less a Juniper. Hope someone can help, and if you have any questions just ask me.

 

Thanks in advance


Re: SRX240 Configuration Help

‎07-05-2016 08:29 AM

I know this sounds pretty vague, but any help would be awesome to get me going in the right direction.


Re: SRX240 Configuration Help

‎07-05-2016 09:27 AM

Hi,

 

This may be a good resource: Security Configuration Guide

Parts 2-4 are relevant.

 

SRX allows combining several interfaces under the same zone which helps to simplify security policies.

I believe the steps would be as follows:

1. Interface & Zone config + configure interface[s] under required zone

2. Address-book, to maintain list of IP address / hosts / IP address range

3. Security policies [requires above 2]. Needs a from-zone and to-zone + can filter based on:

    (a) source / destination address [From address-book]

    (b) application or protocol [Some applications are already defined in a dictionary, custom applications can also be defined]

    (c) an action in the policy [permit / deny / log etc]

 

Hope this helps.

 

Cheers,

Ashvin
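The three steps from the reply above, written out as Junos `set` commands for a lab zone and two remote-site interfaces sharing one zone. This is an added example, not part of the original thread: the zone names, interface numbers, addresses and permitted applications are assumptions, and it assumes the ports are routed interfaces with no `family ethernet-switching` configured on them.

```junos
# Constructed example: all names and addresses below are placeholders.

# Step 1: give each port a routed address, then bind it to a zone.
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.1/24
set interfaces ge-0/0/1 unit 0 family inet address 198.51.100.1/24
set interfaces ge-0/0/2 unit 0 family inet address 203.0.113.1/24
set security zones security-zone lab interfaces ge-0/0/0.0
# Several remote-site interfaces can share one zone, as the reply notes.
set security zones security-zone remote interfaces ge-0/0/1.0
set security zones security-zone remote interfaces ge-0/0/2.0

# Step 2: address-book entries the policies will reference.
set security address-book global address lab-net 192.0.2.0/24
set security address-book global address site1-net 198.51.100.0/24
set security address-book global address site2-net 203.0.113.0/24
set security address-book global address-set remote-sites address site1-net
set security address-book global address-set remote-sites address site2-net

# Step 3: policy from the remote zone to the lab zone.
# Permit only the applications the lab actually needs (assumed here).
set security policies from-zone remote to-zone lab policy remote-to-lab match source-address remote-sites
set security policies from-zone remote to-zone lab policy remote-to-lab match destination-address lab-net
set security policies from-zone remote to-zone lab policy remote-to-lab match application junos-ssh
set security policies from-zone remote to-zone lab policy remote-to-lab match application junos-https
set security policies from-zone remote to-zone lab policy remote-to-lab then permit
set security policies from-zone remote to-zone lab policy remote-to-lab then log session-close

# Explicit catch-all so rejected traffic is logged rather than silently dropped.
set security policies from-zone remote to-zone lab policy remote-to-lab-deny match source-address any destination-address any application any
set security policies from-zone remote to-zone lab policy remote-to-lab-deny then deny
set security policies from-zone remote to-zone lab policy remote-to-lab-deny then log session-init

# No policy is defined from zone remote to zone remote, so traffic
# between the remote sites is not permitted. Keep the default at deny.
set security policies default-policy deny-all
```

After `commit`, `show security policies from-zone remote to-zone lab` lists the policies in evaluation order, and `show security zones` confirms which interfaces landed in which zone.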
