SRX Services Gateway

SRX550 FIREWALL POLICY

03-19-2017 07:48 PM

Hello Guys,

We have a deny-all policy. Based on internal customer requests, ports are opened for applications from trust to untrust, and in some cases to specific destination IPs sourcing our internal subnet. The issue is that attempts to open additional ports no longer work using the same configuration which worked previously.

2 REPLIES

Re: SRX550 FIREWALL POLICY

03.20.17   |  
‎03-20-2017 03:18 AM

Things to look for are the order of the policies to make sure the traffic will select the correct one.

Add logging to the policies to confirm which traffic is on which policy.

During the event testing you can look for the live session:

show security flow session source-prefix 1.1.1.1/32 destination-prefix 2.2.2.2/32

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV
JNCDA JNCDS-DC JNCDS-SEC
JNCIS-SP
ACE PanOS 6 ACE PanOS 7
http://puluka.com/home
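
The checks suggested in the reply above, written out as a Junos CLI sequence. This is an added example, not part of the original posts; the policy names `allow-new-app` and `deny-all` and destination port 8443 are assumptions, and the addresses are the placeholders used in the reply.

```junos
# --- Operational mode ---
# List the policies for the zone pair in evaluation order. Junos applies the
# first policy that matches, and a newly created policy is appended to the end
# of the list, so it can land below an existing deny-all.
show security policies from-zone trust to-zone untrust

# Ask the device which policy a specific flow would select (constructed flow).
show security match-policies from-zone trust to-zone untrust source-ip 1.1.1.1 destination-ip 2.2.2.2 source-port 1024 destination-port 8443 protocol tcp

# Report policies that can never match because an earlier policy covers them.
show security shadow-policies from-zone trust to-zone untrust

# --- Configuration mode ---
configure

# Move the permit (hypothetical name) above the deny-all (hypothetical name).
insert security policies from-zone trust to-zone untrust policy allow-new-app before policy deny-all

# Log both policies so the traffic log shows which one the flow selected.
set security policies from-zone trust to-zone untrust policy allow-new-app then log session-init session-close
set security policies from-zone trust to-zone untrust policy deny-all then log session-init

commit check
commit and-quit

# --- Operational mode, while the application is being tested ---
show security flow session source-prefix 1.1.1.1/32 destination-prefix 2.2.2.2/32
```
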

Re: SRX550 FIREWALL POLICY

03-20-2017 09:20 AM

Hi,

Please share your security policy configuration and specify which policy is not working.

I will take a look at it.

Regards,

Sahil Sharma
---------------------------------------------------
Please mark my solution as accepted if it helped, Kudos are appreciated as well.