SRX Services Gateway
SRX Services Gateway

separation of network

[ Edited ]
‎09-30-2019 09:16 PM

Hi all,

Can I please ask about what is the best practice when a network goes to different company's management?

For instance: there is a number of remote site juniper devices are going to be managed (hand-over) by other company where their network is isolated from the my network,
So there are current configurations on network services on the remote Juniper devices such as routing, snmp,syslog,user authentication,ntp, dns, many log messages sits on the devices etc...

Is it possible to give some tips on what should be done in step by step technical perspective where avoiding mistakes or causing extra problems.
Of course we will work together with other company's IT network team. But I like to ask about this who has already had some experiences before.



SRX Services Gateway

Re: separation of network

‎09-30-2019 10:51 PM

Hello Arix,


It is not very clear from the question , if the other company is ONLY going to manage your devices or you also have some production traffic etc.


If it is only about management of the devices without inerfering/overlapping any production subnets, I would suggest using the fxp0 or physical interfaces in a separate MANAGEMENT subnet being routable across the said company. If you have SRX devices, putting an interface in "security zones functional-zone" make this interface act as a management port and does not forward production traffic accidently.


I hope I am making some useful points to your question Smiley Tongue