SRX

  • 1.  lo0 filter friendly for UTM

    Posted 09-01-2010 06:52

    Hi All,

          Does anyone know what exception should be created in order to have a filter on lo0 (for security and management access) and still have the UTM get all its updates and jazz?

    Here is my current filter on lo0 that kills all UTM functions:

    firewall {
        family inet {
            filter conf-services {
                /* Routing protocol traffic destined to the RE */
                term routing {
                    from {
                        protocol ospf;
                    }
                    then accept;
                }
                /* Management access from the trusted source prefixes only */
                term admin-allow {
                    from {
                        /* Junos identifiers cannot contain an apostrophe; the original name was permited-IP's */
                        source-prefix-list {
                            permitted-IPs;
                        }
                    }
                    then accept;
                }
                /* Everything not matched above is silently dropped here (this is what breaks UTM) */
                term everythingelse {
                    then discard;
                }
            }
        }
    }

    Thanks!



  • 2.  RE: lo0 filter friendly for UTM

    Posted 09-01-2010 07:13

    Is this with multiple or single routing instances?  And is this in a cluster?  If the destination UTM server is not in the default routing instance, that may be part of the problem. 



  • 3.  RE: lo0 filter friendly for UTM

    Posted 09-01-2010 07:29

    single box, single routing instance.



  • 4.  RE: lo0 filter friendly for UTM

    Posted 09-01-2010 07:34

    You'll have to allow 9020 UDP for Surf Control Integrated.  I'm not sure about the other services though.



  • 5.  RE: lo0 filter friendly for UTM
    Best Answer

    Posted 09-01-2010 08:34

    You have a few ways to handle this.

    One of the easiest is to change your last term to an "accept all" instead of "deny all", and have two terms before it: ssh and https accept from certain source IPs; ssh and https deny from all; followed by allow all. This avoids needing to know each port you need to open up. It also means you'd trust the SRX to be secure.

    If you do want to explicitly allow, you could remove the filter, run a monitor traffic, run UTM updates, then go through the capture file to see what protocols are being used.
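The first approach in the answer above, written out as a Junos lo0 input filter. This is an added example, not configuration posted in the thread: the filter name lo0-mgmt, the prefix-list name trusted-mgmt and its documentation-range addresses, and lo0 unit 0 are assumptions, and the log/syslog actions on the deny term are an addition so that blocked management attempts are visible rather than silently dropped.

```junos
firewall {
    family inet {
        filter lo0-mgmt {
            /* ssh and https only from the trusted management prefixes */
            term mgmt-from-trusted {
                from {
                    source-prefix-list {
                        trusted-mgmt;
                    }
                    protocol tcp;
                    destination-port [ ssh https ];
                }
                then accept;
            }
            /* ssh and https from anyone else: drop, but record the attempt
               (log -> show firewall log, syslog -> configured syslog host) */
            term mgmt-deny-others {
                from {
                    protocol tcp;
                    destination-port [ ssh https ];
                }
                then {
                    log;
                    syslog;
                    discard;
                }
            }
            /* Everything else (OSPF, UTM update and lookup replies, DNS, NTP, ...)
               is allowed to the RE, so no per-service port list is needed */
            term allow-rest {
                then accept;
            }
        }
    }
}
policy-options {
    /* Assumed management sources; replace with your own */
    prefix-list trusted-mgmt {
        192.0.2.0/24;
        198.51.100.10/32;
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input lo0-mgmt;
                }
            }
        }
    }
}
```

Term order matters: the deny term must sit before the accept-all term, because Junos evaluates terms top to bottom and stops at the first match. Use commit confirmed when applying an lo0 filter so a mistake in the prefix list cannot lock you out permanently, and check show firewall log afterwards to see which sources are being discarded. Note what this design gives up: with a trailing accept, the filter no longer limits which other services on the RE are reachable, so on an SRX the host-inbound-traffic system-services settings of each security zone are what still bound that exposure.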