SRX Services Gateway
SRX Services Gateway

Securing the SRX

11.01.11   |  
‎11-01-2011 10:42 AM

I am using SRX240 for a trial. The box is only going to be used as a ADSL router. I want to secure the box from the outside world. I have attached my config for that box and was wondering what else should i change or add on the box to stop any rogue access into the box.

 

Thanks.

Attachments

3 REPLIES
SRX Services Gateway

Re: Securing the SRX

11.01.11   |  
‎11-01-2011 11:08 AM
It actually looks ok to me already. Except mabye for the TFTP allowed in the untrust zone (you really need this?).

Other than that, your box seems pretty much closed down, no access should be possible from outside/untrust.
Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
SRX Services Gateway

Re: Securing the SRX

11.02.11   |  
‎11-02-2011 04:07 AM

Neither tftp or dhcp should be necessary on the WAN interface unless you have a very customized setup running.  Both are server services and are not required for the device to acquire an address via DHCP.

Highlighted
SRX Services Gateway

Re: Securing the SRX

[ Edited ]
11.03.11   |  
‎11-03-2011 09:28 AM

Hello,

 

If you want to have external access to mgmt, you should create firewall filter and then attach it to yours lo0

 

Regards,

Piotr Bratkowski