In a typical scenario, you will have the server connected to switches/routers and the switches/routers connected to the firewall. You can configure the gateway for your internal traffic on the firewall, associate this network with the appropriate VLAN ID and tag the VLAN from the firewall->switch/router-->server. The local network can be configured as a unique zone on the firewall, which will allow you to screen inter-subnet traffic.
Original Message:
Sent: 05-20-2021 08:46
From: Unknown User
Subject: Tag traffic on egress interface - Please help
Hi everyone!
First of all, thank you for reading me and for your help.
I'm a newbie in this world and I have what I'm sure is a dumb question but here I go:
I have the following design:
Local Server---->SRX340---->RT/SW---->...
The SRX is configured with one Virtual Router and two interfaces attached to this Virtual Router: ge-0/0/0 (external) and ge-0/0/1 (internal).
And of course zone trust (ge-0/0/1) and untrust (ge-0/0/0).
The local server sends traffic without a tag (not tagged) and what I need is to receive that traffic on SRX ge-0/0/1 (internal) and tag it on its way out, on the interface ge-0/0/0 (external).
I've tried with vlan-tagged and flexible-vlan... but I think these options receive and transmit tagged traffic but don't actually tag that traffic. Is that correct?
This is my current config:
interfaces {
    ge-0/0/0 {
        unit 0 {
            description "External Interface";
            family inet {
                address IP/MASK;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            description "Internal Interface";
            family inet {
                address IP/MASK;
            }
        }
    }
}
How can I then tag traffic on the egress interface ge-0/0/0 so the SW/RT receives it already tagged?
Thank you so much!
Best regards
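
An added example, not part of either post above: a routed logical unit with a vlan-id on ge-0/0/0 adds the 802.1Q tag to packets leaving that unit, so untagged traffic arriving on ge-0/0/1.0 goes out tagged. VLAN ID 100 and the routing-instance name VR-1 are assumptions; IP/MASK is the placeholder from the original post.

```junos
interfaces {
    ge-0/0/0 {
        /* enable 802.1Q on the physical port; every unit now needs a vlan-id */
        vlan-tagging;
        unit 100 {
            description "External Interface, tagged";
            vlan-id 100;                /* assumed VLAN ID expected by the SW/RT */
            family inet {
                address IP/MASK;
            }
        }
    }
    ge-0/0/1 {
        /* no vlan-tagging here: the server keeps sending untagged frames */
        unit 0 {
            description "Internal Interface";
            family inet {
                address IP/MASK;
            }
        }
    }
}
routing-instances {
    VR-1 {                              /* assumed name of the existing virtual router */
        instance-type virtual-router;
        interface ge-0/0/0.100;         /* was ge-0/0/0.0 */
        interface ge-0/0/1.0;
    }
}
security {
    zones {
        security-zone untrust {
            interfaces {
                ge-0/0/0.100;           /* zone binding must follow the new unit */
            }
        }
        security-zone trust {
            interfaces {
                ge-0/0/1.0;
            }
        }
    }
}
```

Any security policy, NAT rule or static route that referenced ge-0/0/0.0 also has to be moved to ge-0/0/0.100, otherwise the commit fails or traffic is dropped because the new unit belongs to no zone.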