SRX Services Gateway
SRX Services Gateway

Zscaler Webfilter with SRX

07.12.11   |  
‎07-12-2011 07:29 AM

We are evaluating using Zscaler for Web content filtering.  They sent me a recipe to run GRE tunnels to their filter sites and policy routing to push 80 and 443 traffic to them.  They don't seem to have a recipe for SRX/JUNOS.  Dooes anyone have a config for GRE tunneling and PBR for JUNOS?

 

-=Dan=-

-=Dan=-
4 REPLIES
SRX Services Gateway

Re: Zscaler Webfilter with SRX

07.12.11   |  
‎07-12-2011 07:45 AM
SRX Services Gateway

Re: Zscaler Webfilter with SRX

07.12.11   |  
‎07-12-2011 07:54 AM

I don't have a cooked recipe, but configuring GRE:

 

http://kb.juniper.net/InfoCenter/index?page=content&id=KB12769

 

Configuring Filter Based Forwarding:

 

http://www.juniper.net/techpubs/software/junos/junos71/swconfig71-policy/html/firewall-config33.html

 

I would put the GRE interface in a separate VR which has the route pointed to it for the zScaler.

 

Note that GRE isn't supported until 11.2 on the high end, but is already supported on the Branch SRX.

SRX Services Gateway

Re: Zscaler Webfilter with SRX

07.12.11   |  
‎07-12-2011 08:07 AM

We are going to use a SRX 240 as this is at a small plant facility in Mexico for the pilot.  I was planning on using 10.4 as that's where I understand alot of energy is flowing....

 

-=Dan=-

-=Dan=-
SRX Services Gateway

Re: Zscaler Webfilter with SRX

07.12.11   |  
‎07-12-2011 08:10 AM

Should be fine.  10.4 is an EEOL release, and the 10.4r4 code is recommended.  Juniper is putting a lot more effort into stability, but especialy for our EEOL releases.