Hello,
I am planning to migrate pfSense firewall rules to an SRX340, but I would like to know what the best-practice solution is for doing this. Do I need to use security zones with additional policies, or use firewall filters to allow services/protocols towards different destinations/endpoints?
Example pfSense rule:
protocol: tcp
source: LAN (TEST-LAN)
port: any
destination: LDAP
port: 389
port: 636
How do I convert this to an SRX firewall rule? Let's say I am using security zones; does this mean I need to make a security zone for each firewall rule in pfSense?
SRX:
Source/destination:
set security address-book global address TEST 172.16.1.1
set security address-book global address LDAP 172.22.1.46
Ports:
set applications application tcp-389 protocol tcp destination-port 389
set applications application tcp-636 protocol tcp destination-port 636
set applications application-set LDAP-PORTS application tcp-389
set applications application-set LDAP-PORTS application tcp-636
Zones:
set security zones security-zone TEST-LAN interfaces reth1.16 host-inbound-traffic system-services all
set security zones security-zone TEST-LAN interfaces reth1.16 host-inbound-traffic protocol all
set security zones security-zone LDAP interfaces reth1.16 host-inbound-traffic system-services all
set security zones security-zone LDAP interfaces reth1.16 host-inbound-traffic protocol all
Policies:
set security policies from-zone TEST-LAN to-zone LDAP policy test-lan-to-ldap match source-address TEST
set security policies from-zone TEST-LAN to-zone LDAP policy test-lan-to-ldap match destination-address LDAP
set security policies from-zone TEST-LAN to-zone LDAP policy test-lan-to-ldap match application LDAP-PORTS
set security policies from-zone TEST-LAN to-zone LDAP policy test-lan-to-ldap then permit
set security policies from-zone TEST-LAN to-zone LDAP policy test-lan-to-ldap then log session-init
set security policies from-zone TEST-LAN to-zone LDAP policy test-lan-to-ldap then log session-close
Thank you in advance.
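The pfSense-to-SRX translation the post sketches, as an added example that is not part of the original post: one pfSense-style rule (source alias, destination alias, protocol/port list) is rendered as Junos set commands, and a zone layout that binds two zones to the same interface is rejected, since Junos allows an interface in only one zone. The LDAP interface unit reth1.22 is an assumption; addresses and names are taken from the post.

```python
# Added example (not from the original post): render one pfSense-style rule
# as Junos set commands and validate the zone-to-interface mapping.
# Interface reth1.22 below is assumed for illustration, not taken from the post.

def zone_commands(zones):
    """zones: {zone_name: interface}. Junos binds an interface to exactly one
    zone, so a layout like the post's (TEST-LAN and LDAP both on reth1.16)
    is rejected here instead of failing later at commit time."""
    owner = {}
    for zone, ifc in zones.items():
        if ifc in owner:
            raise ValueError(f"{ifc} is already in zone {owner[ifc]}; cannot add it to {zone}")
        owner[ifc] = zone
    return [f"set security zones security-zone {z} interfaces {i}" for z, i in zones.items()]

def rule_commands(name, src, dst, ports, from_zone, to_zone, addresses, log=True):
    """src/dst are alias names resolved through addresses {alias: ip_or_prefix};
    ports is a list of (protocol, port) pairs such as [("tcp", 389), ("tcp", 636)]."""
    pol = f"set security policies from-zone {from_zone} to-zone {to_zone} policy {name}"
    lines = [f"set security address-book global address {a} {addresses[a]}" for a in (src, dst)]
    appset = f"{name}-APPS"
    for proto, port in ports:
        app = f"{proto}-{port}"   # the name always carries the real protocol
        lines.append(f"set applications application {app} protocol {proto} destination-port {port}")
        lines.append(f"set applications application-set {appset} application {app}")
    lines += [f"{pol} match source-address {src}",
              f"{pol} match destination-address {dst}",
              f"{pol} match application {appset}",
              f"{pol} then permit"]
    if log:
        lines += [f"{pol} then log session-init", f"{pol} then log session-close"]
    return lines

# Constructed sample: the LDAP rule from the post, with the LDAP server on its
# own interface unit (reth1.22 is assumed).
ADDRESSES = {"TEST": "172.16.1.1", "LDAP": "172.22.1.46"}
ZONES = {"TEST-LAN": "reth1.16", "LDAP": "reth1.22"}

def ldap_migration():
    return zone_commands(ZONES) + rule_commands(
        "test-lan-to-ldap", "TEST", "LDAP", [("tcp", 389), ("tcp", 636)],
        "TEST-LAN", "LDAP", ADDRESSES)

if __name__ == "__main__":
    print("\n".join(ldap_migration()))
```

The generated commands can be pasted into the SRX CLI in configure mode or loaded with `load set`; host-inbound-traffic settings are left out on purpose so each zone only gets what its interface actually needs.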