SRX




  • 1.  Firewall rules for security director

    Posted 04-22-2019 10:19
    Hi,

    Will be installing Juniper Security Director soon and wanted to know what TCP/UDP ports are required to make it integrate with SRX firewalls?

    Do I need to add a rule on the SRX so it comes from the relevant zone to the Junos-host in the policy base?

    Thanks
    #SRX
    #director
    #security


  • 2.  RE: Firewall rules for security director

    Posted 04-22-2019 12:59

    In general Security Director relies on the ports needed for Junos Space. The required ports are listed in https://kb.juniper.net/InfoCenter/index?page=content&id=kb18148

     

    In summary, only ssh from Space/SD towards the SRX gateways is needed. SD does netconf via ssh.

    Ping and snmp-read (udp/161) are optional but nice to have available.




  • 3.  RE: Firewall rules for security director

    Posted 04-22-2019 13:12
    Thanks,

    Just to clarify; do I need the rule to be from the zone SD sits in towards the Junos-host zone on each SRX?


  • 4.  RE: Firewall rules for security director
    Best Answer

    Posted 04-22-2019 13:28

    In general your assumption is correct... but it depends on your setup.

     

    It could also be that you only allow ssh as host-inbound-service system-services on the relevant zone/interface and then have an RE protection firewall filter to handle which IPs can access via ssh on this zone.

     

    An alternative could also be a global policy which allows management across all zones to avoid doing multiple src-zoneX/Y/Z to junos-host policies (if ssh access is needed from multiple different zones).

     

    Junos provides you many ways to accomplish the same goal 🙂
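
The three approaches from replies 2 and 4, written out as Junos set commands. This is an added example, not part of the original thread or Juniper's own configuration. The zone name MGMT, the Space/SD address 192.0.2.10, the SRX management address 192.0.2.1 and all filter, policy and address names are assumptions, and SSH is assumed to be enabled already under system services.

```junos
# Constructed example: zone, addresses and names are placeholders, not values from the thread.

# Common to every option: ssh (which carries NETCONF) must be allowed as
# host-inbound traffic on the zone facing Space/SD.
set security zones security-zone MGMT host-inbound-traffic system-services ssh
# Optional, per the thread: ping and SNMP read (udp/161)
set security zones security-zone MGMT host-inbound-traffic system-services ping
set security zones security-zone MGMT host-inbound-traffic system-services snmp

# Option A: host-inbound ssh plus an RE protection filter on lo0 that limits
# which source IPs may reach ssh.
set policy-options prefix-list SPACE-SD 192.0.2.10/32
set firewall family inet filter PROTECT-RE term ssh-from-space from source-prefix-list SPACE-SD
set firewall family inet filter PROTECT-RE term ssh-from-space from protocol tcp
set firewall family inet filter PROTECT-RE term ssh-from-space from destination-port ssh
set firewall family inet filter PROTECT-RE term ssh-from-space then accept
set firewall family inet filter PROTECT-RE term ssh-deny-rest from protocol tcp
set firewall family inet filter PROTECT-RE term ssh-deny-rest from destination-port ssh
set firewall family inet filter PROTECT-RE term ssh-deny-rest then discard
# A filter ends in an implicit discard, so everything else the RE needs must be
# accepted explicitly. This catch-all keeps the example scoped to ssh only.
set firewall family inet filter PROTECT-RE term allow-rest then accept
set interfaces lo0 unit 0 family inet filter input PROTECT-RE

# Option B: a policy from the zone Space/SD sits in towards junos-host.
set security address-book global address SPACE-SD 192.0.2.10/32
set security policies from-zone MGMT to-zone junos-host policy space-ssh match source-address SPACE-SD
set security policies from-zone MGMT to-zone junos-host policy space-ssh match destination-address any
set security policies from-zone MGMT to-zone junos-host policy space-ssh match application junos-ssh
set security policies from-zone MGMT to-zone junos-host policy space-ssh then permit

# Option C: one global policy instead of a junos-host policy per source zone.
# The destination is pinned to the SRX management address so the rule does not
# also permit ssh from Space/SD through the firewall to other hosts.
set security address-book global address SRX-MGMT 192.0.2.1/32
set security policies global policy space-mgmt match source-address SPACE-SD
set security policies global policy space-mgmt match destination-address SRX-MGMT
set security policies global policy space-mgmt match application junos-ssh
set security policies global policy space-mgmt then permit
```

Options A, B and C are alternatives. With A, test from a console session or under `commit confirmed`, since a mistake in a lo0 filter can cut off management access.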



  • 5.  RE: Firewall rules for security director

    Posted 04-22-2019 13:50
    That’s great - thanks