Hello guys,
I hope everyone is doing well. I need help with an SRX 5400 configuration. I have 3 zones (DMZ, UNTRUST and TRUST), and my goal is to pass traffic from a DMZ host to a specific host in the TRUST zone. To achieve this I have configured a security policy from-zone DMZ to-zone TRUST, but the traffic keeps on hitting from-zone DMZ to-zone UNTRUST, which should not be the case. I moved the policy before from-zone DMZ to-zone UNTRUST.
DMZ - 10.20.20.X/24
TRUST - 172.16.X.X/24
from-zone DMZ to-zone TRUST {
    policy allow-api-to-DB {
        match {
            source-address [ ap-api1-pw ap-api2-pw ];
            destination-address ap-db-lb1;
            application any;
        }
        then {
            permit;
        }
    }
}
from-zone DMZ to-zone UNTRUST {
    policy PERMIT-DMZ-INTERNET {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit;
        }
    }
}
Session lookup when pinging from DMZ to TRUST:
Flow Sessions on FPC0 PIC1:
Total sessions: 0
Flow Sessions on FPC0 PIC2:
Session ID: 137650544, Policy name: PERMIT-DMZ-INTERNET/9, State: Active, Timeout: 54, Valid
In: 10.20.20.1/1 --> 172.16.6.216/2870;icmp, Conn Tag: 0x0, If: reth1.0, Pkts: 1, Bytes: 84, CP Session ID: 3515766
Out: 172.16.6.216/2870 --> 112.199.XX.X/41547;icmp, Conn Tag: 0x0, If: reth2.10, Pkts: 0, Bytes: 0, CP Session ID: 3515766
Hope someone can help me, as I am running out of ideas; I have tried many configuration and troubleshooting steps, but to no avail.
Thank you!
------------------------------
Kevin Pentason
------------------------------
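The session entry above shows why policy order between zone pairs cannot fix this: on an SRX the destination zone of a first packet is derived from the egress interface chosen by the route lookup, and only then is the policy list for that from-zone/to-zone pair searched. The flow session reports an Out interface of reth2.10 with policy PERMIT-DMZ-INTERNET, so the route to 172.16.6.216 points at the UNTRUST side and the DMZ-to-TRUST context is never consulted. The following Python model is an added example written for this thread, not code from the original post or from Juniper. It assumes a constructed interface-to-zone mapping (reth1.0 in DMZ and reth2.10 in UNTRUST follow from the session output; reth0.0 as the TRUST interface is an assumption), constructed address-book entries for ap-api1-pw and ap-api2-pw, and constructed route tables; ap-db-lb1's address is taken from the session entry.

```python
"""Model of SRX first-packet handling: route lookup selects the egress
interface, the interface's zone selects the policy context, and only then
are the policies inside that from-zone/to-zone pair walked in order."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed interface-to-zone mapping (assumption: reth0.0 is the TRUST
# interface; reth1.0 and reth2.10 are inferred from the posted session entry).
IFACE_ZONE = {"reth1.0": "DMZ", "reth2.10": "UNTRUST", "reth0.0": "TRUST"}

# Constructed address book; only ap-db-lb1's address is visible in the post.
ADDRESS_BOOK = {
    "any": ["0.0.0.0/0"],
    "ap-api1-pw": ["10.20.20.1/32"],
    "ap-api2-pw": ["10.20.20.2/32"],
    "ap-db-lb1": ["172.16.6.216/32"],
}


@dataclass
class Policy:
    name: str
    src: list  # address-book names
    dst: list
    action: str = "permit"


# The two policy contexts from the post, keyed by zone pair. The order in
# which the contexts appear in the configuration plays no part in lookup.
POLICIES = {
    ("DMZ", "TRUST"): [Policy("allow-api-to-DB", ["ap-api1-pw", "ap-api2-pw"], ["ap-db-lb1"])],
    ("DMZ", "UNTRUST"): [Policy("PERMIT-DMZ-INTERNET", ["any"], ["any"])],
}

# Constructed route tables: the first lacks a route to the 172.16.6.0/24
# subnet, so the default route towards UNTRUST wins.
ROUTES_NO_TRUST = [("0.0.0.0/0", "reth2.10"), ("10.20.20.0/24", "reth1.0")]
ROUTES_WITH_TRUST = ROUTES_NO_TRUST + [("172.16.6.0/24", "reth0.0")]


def _in_book(ip, names):
    """True if ip falls inside any prefix of the named address-book entries."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(p) for n in names for p in ADDRESS_BOOK[n])


def route_lookup(routes, dst):
    """Longest-prefix match over (prefix, egress interface) tuples."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def first_packet_decision(routes, in_iface, src, dst):
    """Route lookup -> egress zone -> ordered policy search within that context.
    Falls through to the implicit default deny when nothing matches."""
    out_iface = route_lookup(routes, dst)
    from_zone, to_zone = IFACE_ZONE[in_iface], IFACE_ZONE.get(out_iface)
    for pol in POLICIES.get((from_zone, to_zone), []):
        if _in_book(src, pol.src) and _in_book(dst, pol.dst):
            return {"context": (from_zone, to_zone), "out_if": out_iface,
                    "policy": pol.name, "action": pol.action}
    return {"context": (from_zone, to_zone), "out_if": out_iface,
            "policy": None, "action": "deny"}


# The session entry from the post, embedded as sample input.
SESSION_SAMPLE = """Session ID: 137650544, Policy name: PERMIT-DMZ-INTERNET/9, State: Active, Timeout: 54, Valid
In: 10.20.20.1/1 --> 172.16.6.216/2870;icmp, Conn Tag: 0x0, If: reth1.0, Pkts: 1, Bytes: 84, CP Session ID: 3515766
Out: 172.16.6.216/2870 --> 112.199.XX.X/41547;icmp, Conn Tag: 0x0, If: reth2.10, Pkts: 0, Bytes: 0, CP Session ID: 3515766"""


def explain_session(text):
    """Pull the matched policy and egress interface out of a
    'show security flow session' entry and map the interface to its zone."""
    policy = re.search(r"Policy name: ([^/,]+)", text).group(1)
    out_if = re.search(r"^Out: .*?If: (\S+),", text, re.M).group(1)
    return {"policy": policy, "out_if": out_if, "out_zone": IFACE_ZONE.get(out_if)}


if __name__ == "__main__":
    print("posted session:", explain_session(SESSION_SAMPLE))
    print("no TRUST route:", first_packet_decision(ROUTES_NO_TRUST, "reth1.0", "10.20.20.1", "172.16.6.216"))
    print("with TRUST route:", first_packet_decision(ROUTES_WITH_TRUST, "reth1.0", "10.20.20.1", "172.16.6.216"))
```

With the first route table the model reproduces the posted session exactly (context DMZ to UNTRUST, policy PERMIT-DMZ-INTERNET via reth2.10); adding a route for the DB subnet through the TRUST interface flips the context to DMZ to TRUST and allow-api-to-DB is hit, while a source outside the two address-book entries is dropped by the default deny. The check to make on the real box is therefore the route lookup for 172.16.6.216 and the zone of the interface it resolves to, not the position of the policy block.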