SRX


Tag traffic on egress interface - Please help

  • 1.  Tag traffic on egress interface - Please help

    Posted 05-20-2021 08:47

    Hi everyone!

    First of all, thank you for reading me and for your help.

    I'm a newbie in this world and I have what I'm sure is a dumb question but here I go:

    I have the following design:

    Local Server---->SRX340---->RT/SW---->...

    The SRX is configured with one Virtual Router and two interfaces attached to this Virtual Router: ge-0/0/0 (external) and ge-0/0/1 (internal).
    And of course zone trust (ge-0/0/1) and untrust (ge-0/0/0).

    The local server sends traffic without a tag (not tagged), and what I need is to receive that traffic on SRX ge-0/0/1 (internal) and tag it on its way out, on the interface ge-0/0/0 (external).

    I've tried with vlan-tagged and flexible-vlan... but I think these options receive and transmit tagged traffic but don't actually tag that traffic. Is that correct?
    This is my current config:

    interfaces {
        ge-0/0/0 {
            unit 0 {
                description "External Interface";
                family inet {
                    address IP/MASK;
                }
            }
        }
        ge-0/0/1 {
            unit 0 {
                description "Internal Interface";
                family inet {
                    address IP/MASK;
                }
            }
        }
    }

    How can I then tag traffic on the egress interface ge-0/0/0 so the SW/RT receives it already tagged?

    Thank you so much!

    Best regards



  • 2.  RE: Tag traffic on egress interface - Please help

     
    Posted 05-22-2021 16:12
    In a typical scenario, you will have the server connected to switches/routers and the switches/routers connected to the firewall.  You can configure the gateway for your internal traffic on the Firewall, associate this network with the appropriate VLAN ID and tag the vlan from the firewall->switch/router-->server. The local network can be configured as a unique zone on the firewall, which will allow you to screen inter-subnet traffic.
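
An added example, not part of either post above: on a routed SRX interface, enabling vlan-tagging on ge-0/0/0 and giving its logical unit a vlan-id makes the SRX put the 802.1Q tag on every packet it routes out of that unit, while ge-0/0/1 keeps receiving untagged traffic. VLAN ID 100, unit number 100 and the routing-instance name VR-NAME are placeholders chosen for illustration; IP/MASK is kept from the original post.

```junos
interfaces {
    ge-0/0/0 {
        /* enable 802.1Q on the physical port facing the RT/SW */
        vlan-tagging;
        /* unit number is arbitrary; matching it to the VLAN ID is a convention */
        unit 100 {
            description "External Interface";
            /* placeholder VLAN ID: frames leave this unit tagged with it */
            vlan-id 100;
            family inet {
                address IP/MASK;
            }
        }
    }
    ge-0/0/1 {
        /* unchanged: the local server still sends untagged frames here */
        unit 0 {
            description "Internal Interface";
            family inet {
                address IP/MASK;
            }
        }
    }
}
security {
    zones {
        security-zone untrust {
            interfaces {
                /* the zone must reference the new logical unit, not ge-0/0/0.0 */
                ge-0/0/0.100;
            }
        }
        security-zone trust {
            interfaces {
                ge-0/0/1.0;
            }
        }
    }
}
routing-instances {
    /* placeholder name for the existing Virtual Router */
    VR-NAME {
        instance-type virtual-router;
        interface ge-0/0/0.100;
        interface ge-0/0/1.0;
    }
}
```

The switch or router port facing ge-0/0/0 has to carry the same VLAN ID as a tagged (trunk) member, otherwise the tagged frames are dropped there.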