SRX Services Gateway

Traffic between vlans applying security policies ¿possible?

‎07-21-2020 08:07 AM
 
Hello everyone!

I have a question I would like to ask:

I need to create 4 VLANs (internal): VLAN 10, 20, 30 and 40
Assign them IP addresses
Associate them with the trust zone

And I need the teams in VLAN 10 to be able to communicate with VLAN 40 while security rules (policies) are applied.

What would be the best way to do it via the CLI? Through IRB, perhaps?
I have tried it that way but cannot get it to work.

How would you do it?

Thank you very much!
Regards

Re: Traffic between vlans applying security policies ¿possible?

‎07-21-2020 08:20 AM

Hi Chaimae,

I think we can achieve your requirement by using irb interfaces.

Create multiple units under irb for your respective VLANs and associate them with the security zone TRUST. If you would like to make a PC in VLAN-10 communicate with a PC in VLAN-40, you need to configure an intra-zone policy, i.e. a from-zone TRUST to-zone TRUST policy.

I guess the following forum link explains the same scenario as yours: https://forums.juniper.net/t5/SRX-Services-Gateway/intra-zone-traffic/td-p/166638



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
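
The setup described in the reply above, sketched as an added example that is not part of the original thread and not taken from Juniper documentation. It assumes a Junos release that uses irb interfaces, a zone named trust, constructed subnets 10.0.10.0/24 and 10.0.40.0/24, hypothetical port and policy names, and HTTPS as the only permitted application; because every VLAN sits in the same zone, the policy has to match on addresses rather than on zones.

```junos
# Added example; subnets, port names and policy names are constructed/assumed.
# VLAN 20 and VLAN 30 follow the same pattern as VLAN 10 and VLAN 40.

# 1. VLANs, each bound to a routed IRB unit
set vlans vlan10 vlan-id 10
set vlans vlan10 l3-interface irb.10
set vlans vlan40 vlan-id 40
set vlans vlan40 l3-interface irb.40

# 2. Access ports (assumed port names)
set interfaces ge-0/0/2 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members vlan10
set interfaces ge-0/0/5 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members vlan40

# 3. Gateway address per VLAN (constructed subnets)
set interfaces irb unit 10 family inet address 10.0.10.1/24
set interfaces irb unit 40 family inet address 10.0.40.1/24

# 4. Both IRB units in the same zone; only ping is accepted by the gateway itself
set security zones security-zone trust interfaces irb.10 host-inbound-traffic system-services ping
set security zones security-zone trust interfaces irb.40 host-inbound-traffic system-services ping

# 5. Address objects so the intra-zone policy can tell the VLANs apart
set security address-book global address VLAN10-NET 10.0.10.0/24
set security address-book global address VLAN40-NET 10.0.40.0/24

# 6. Intra-zone policy: VLAN 10 may open HTTPS sessions to VLAN 40 (assumed application)
set security policies from-zone trust to-zone trust policy vlan10-to-vlan40 match source-address VLAN10-NET
set security policies from-zone trust to-zone trust policy vlan10-to-vlan40 match destination-address VLAN40-NET
set security policies from-zone trust to-zone trust policy vlan10-to-vlan40 match application junos-https
set security policies from-zone trust to-zone trust policy vlan10-to-vlan40 then permit
set security policies from-zone trust to-zone trust policy vlan10-to-vlan40 then log session-close

# 7. Everything else between the VLANs is denied and logged
set security policies from-zone trust to-zone trust policy deny-other-intra-zone match source-address any
set security policies from-zone trust to-zone trust policy deny-other-intra-zone match destination-address any
set security policies from-zone trust to-zone trust policy deny-other-intra-zone match application any
set security policies from-zone trust to-zone trust policy deny-other-intra-zone then deny
set security policies from-zone trust to-zone trust policy deny-other-intra-zone then log session-init
```

Policies are evaluated top-down, so any existing trust-to-trust policy that permits any/any has to be deleted or moved below these two; `show security policies from-zone trust to-zone trust` shows the resulting order.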

Re: Traffic between vlans applying security policies ¿possible?

‎07-21-2020 10:50 AM

Thank you so much noobmaster!

I'll give it a try right away and let you know how it went!

Best regards!


Re: Traffic between vlans applying security policies ¿possible?

‎07-24-2020 03:20 AM

Hello Chaimae,

How about this one? Did it work?



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!