I'm doing some more work with Juniper SRX's recently and I've done some reading on
Traffic Processing on SRX Series Devices Overview and I have a query that I can't really find an exact answer to in the Juniper documentation.
If we have an SRX where for example Ge-0/0/0.0 is being utilized with a security zone (eg OUTSIDE) to connect to an Internet link via an ISP that utilizes PPPOE with CHAP authentication how do security rules/policies work with outbound services which are enabled/originating from the SRX's interface within that zone?
When a PPPOE setup is enable on an SRX Zone/Interface does the SRX automatically permit the PPPOE traffic via a hidden policy specific to that interface/zone or do you need to configured a security policy/rule for that zone to that zone permitting PPPOE or from "junos-host" to the "OUTSIDE" zone for example?
Alternatively is there a configuration setup like the below which permits an inbound service (eg SSH) but the reverse which permits outbound system service on that interface?
set security zones security-zone INSIDE-LAN interfaces irb.20 host-inbound-traffic system-services ssh
Thanks.
------------------------------
Dave
------------------------------