SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Help for VLAN trunk design

    Posted 03-07-2019 12:26

    Hi,

     

    On the attached, I have a bunch of servers trunking up to a Juniper 4100 SRX. The gateway addresses should reside within VLANs on the Juniper and all servers should be forced up to the firewall. No server should be able to talk to another server without a rule in place. All these servers should sit within a Zone on Juniper. This will be via 2 interfaces to a couple of switches working in a pair. Are IRB interfaces the best way to do this with VLANs?

     

    The rest of the network will connect into this Juniper, but I have read that you can't have a layer 3 zone talking to a layer 2 zone? 

     

    Now I am wondering how best to connect up these parts of the network? I was going to have an OSPF connection to the rest of the network, but this means the 2 zones can't have rules between them, which is needed.

     

    Any help greatly appreciated.

     

    Thanks



  • 2.  RE: Help for VLAN trunk design

    Posted 03-07-2019 12:28

    Just to clarify, each switch has 2 links to the Juniper SRX.



  • 3.  RE: Help for VLAN trunk design

    Posted 03-07-2019 14:33
    It is also worth noting that zone 2, with the users in it, will lead to the rest of the network, so it really needs to be in the OSPF routing table for easy distribution. In fact, it all needs to be distributed into OSPF - but the access rules controlled by the rule set.


  • 4.  RE: Help for VLAN trunk design
    Best Answer

    Posted 03-09-2019 10:52
    Sorted this in the end - used 2 aggregated interfaces for the 4 links and used VLAN tagging to keep them both L3 interfaces so the zone can communicate between them.
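
An added example, not the poster's configuration: one way the approach described in the thread (aggregated links with VLAN-tagged Layer 3 sub-interfaces, security zones, OSPF) can be written in Junos set commands. Interface names, VLAN IDs, addresses, zone names and policy names are all assumptions, as is the split of server VLANs on ae0 and the user VLAN on ae1. With routed interfaces, traffic between two server VLANs in the same zone is still evaluated against a `from-zone SERVERS to-zone SERVERS` policy.

```junos
# Constructed example; every name, VLAN ID and address below is an assumption.
set chassis aggregated-devices ethernet device-count 2
# Two member links per bundle
set interfaces xe-0/0/0 gigether-options 802.3ad ae0
set interfaces xe-0/0/1 gigether-options 802.3ad ae0
set interfaces xe-0/0/2 gigether-options 802.3ad ae1
set interfaces xe-0/0/3 gigether-options 802.3ad ae1
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp active
# Routed sub-interfaces: one unit per VLAN, gateway address lives on the SRX
set interfaces ae0 vlan-tagging
set interfaces ae0 unit 10 vlan-id 10
set interfaces ae0 unit 10 family inet address 10.0.10.1/24
set interfaces ae0 unit 20 vlan-id 20
set interfaces ae0 unit 20 family inet address 10.0.20.1/24
set interfaces ae1 vlan-tagging
set interfaces ae1 unit 100 vlan-id 100
set interfaces ae1 unit 100 family inet address 10.0.100.1/24
# Zones: all server VLANs in one zone, users/transit in another.
# OSPF must be allowed as host-inbound traffic or the adjacency never forms.
set security zones security-zone SERVERS interfaces ae0.10
set security zones security-zone SERVERS interfaces ae0.20
set security zones security-zone USERS interfaces ae1.100 host-inbound-traffic protocols ospf
# OSPF: adjacency on the user side, server subnets advertised as passive
set protocols ospf area 0.0.0.0 interface ae1.100
set protocols ospf area 0.0.0.0 interface ae0.10 passive
set protocols ospf area 0.0.0.0 interface ae0.20 passive
# Address book entries used by the policies
set security address-book global address web-net 10.0.10.0/24
set security address-book global address db-net 10.0.20.0/24
# Intra-zone: permit only the named flow, then deny and log everything else
set security policies from-zone SERVERS to-zone SERVERS policy web-to-db match source-address web-net destination-address db-net application junos-ms-sql
set security policies from-zone SERVERS to-zone SERVERS policy web-to-db then permit
set security policies from-zone SERVERS to-zone SERVERS policy deny-rest match source-address any destination-address any application any
set security policies from-zone SERVERS to-zone SERVERS policy deny-rest then deny
set security policies from-zone SERVERS to-zone SERVERS policy deny-rest then log session-init
# Inter-zone: users reach the web VLAN over HTTPS only
set security policies from-zone USERS to-zone SERVERS policy users-to-web match source-address any destination-address web-net application junos-https
set security policies from-zone USERS to-zone SERVERS policy users-to-web then permit
```

Servers that share a VLAN are switched at Layer 2 and never reach the SRX, so policy only applies between VLANs; servers that must be isolated from each other need separate VLANs or isolation on the switches.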