Please consider the following example:
PC -- 18.104.22.168 ----- 22.214.171.124 F1 SRX
F1: Zone A, host inbound ssh
Lo0:0 126.96.36.199, Zone B host inbound ssh
I observed the following:
1) In order for the PC to be able to SSH in using lo0 (188.8.131.52), we need to define a policy to allow such traffic. Even though this is not transit traffic, as it is destined to the SRX, the PC is not able to SSH using lo0 unless we have a policy to allow SSH traffic.
Is it expected behavior?
Lo0:0 184.108.40.206, management zone (functional zone), host inbound ssh
We cannot use the management zone in security policies. Should we still be able to SSH into the SRX using 220.127.116.11 from the PC?
I understand the whole point of using the management zone is to use a physical port for MGMT access, as the branch SRX does not have a dedicated MGMT port.
Appreciated and have a good day!!
Yes, this is expected behavior. While it is to-the-box traffic, it is still subjected to flow processing. Hence the security policy will be checked.
We cannot SSH to the lo0 in a functional zone, since traffic cannot flow between security and functional zones by design.
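Added example, not part of either post above: a minimal Junos configuration that reflects the behaviour described in the question and confirmed in the answer. The interface name ge-0/0/0.0 (standing in for F1), the zone names A and B, the policy and address-book names, and the 192.0.2.0/24 addresses are all assumed placeholders, not values from the original thread.

```junos
## Added example (not from the original posts). Interface, zone, policy and
## address names, and the 192.0.2.0/24 addresses, are assumptions/placeholders.

## F1 (assumed ge-0/0/0.0) faces the PC; lo0.0 carries the SSH target address
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.1/24
set interfaces lo0 unit 0 family inet address 192.0.2.254/32

## Zone A: the PC-facing interface. host-inbound ssh lets the RE accept SSH
## arriving on this interface.
set security zones security-zone A interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh

## Zone B: holds lo0.0. host-inbound ssh here is necessary but, as the
## question observed, NOT sufficient on its own for SSH to the lo0 address.
set security zones security-zone B interfaces lo0.0 host-inbound-traffic system-services ssh

## Address-book entries (constructed placeholders)
set security zones security-zone A address-book address PC 192.0.2.10/32
set security zones security-zone B address-book address SRX-LO0 192.0.2.254/32

## The policy the question found necessary: the session terminates on the SRX,
## but the flow lookup still sees it as zone A -> zone B, so a from-zone A
## to-zone B policy is consulted. Scoping it to the PC and junos-ssh keeps
## management access narrow rather than permitting any/any.
set security policies from-zone A to-zone B policy PC-to-LO0-SSH match source-address PC
set security policies from-zone A to-zone B policy PC-to-LO0-SSH match destination-address SRX-LO0
set security policies from-zone A to-zone B policy PC-to-LO0-SSH match application junos-ssh
set security policies from-zone A to-zone B policy PC-to-LO0-SSH then permit

## Log session setup so management access to the box is auditable
set security policies from-zone A to-zone B policy PC-to-LO0-SSH then log session-init
```

To confirm the behaviour the thread describes, `show security flow session destination-prefix 192.0.2.254` lists the SSH session with its zone A to zone B context, and `show security policies from-zone A to-zone B` shows the hit count on PC-to-LO0-SSH rising. Deleting that policy (leaving only the host-inbound-traffic statements) reproduces the failure from point 1 of the question. Moving lo0.0 into the functional management zone instead would, as the answer notes, not help for access from a security zone, since no policy can be written between a security zone and a functional zone.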