SRX

Expand all | Collapse all

SRX Security policy for return traffic needed?

Jump to Best Answer
  • 1.  SRX Security policy for return traffic needed?

    Posted 08-15-2017 12:32

    Hi everybody.


    Let say we have a SRX with two Zones:

     

    UNTRUST ZONE
    TRUST ZONE

    We have a security policy that allows all traffic from Untrust to Trust.
    Do I need to configure policy to allow return traffic i.e from TRUST to Untrust? or SRX remembers the flow and no such policy is needed.

    Thanks,



  • 2.  RE: SRX Security policy for return traffic needed?
    Best Answer

    Posted 08-15-2017 13:27

    Without knowing what you have configured for the trust, one cannot tell. If you had loaded the the default config and then created the policy to allow traffic from untrust to trust, then you may as well, then you would have basically opened the network and scanning for malicious content with screens. Thats because the factory-default allows all traffic from trust to untrust. If you have simply blown away the default and created zones, then no traffic is going anywhere. Neither intra or inter-zone. If you create policies only for untrust to trust then return traffic from trust to untrust will be permitted, you don't need to create polices to allwo the return traffic because it is a stateful firewall. However you would not be able to inititiate traffic from trust to untrust without specific policies to permit said trraffic.