vSRX

Expand all | Collapse all

"Allow All" with an SRX for traffic that is staying inside our network?

Jump to Best Answer
  • 1.  "Allow All" with an SRX for traffic that is staying inside our network?

    Posted 07-03-2019 09:45

    Hey,

     

    is there a way to make any traffic that is NOT destined for the internet, but other hops inside our own network, to be automatically allowed to other zones, or do I have to go in and make security policy for each? 

     

    I've tried the default no match permit all, but I believe that doesn't work because there IS a match, and the implicit deny denies traffic. 

     

     



  • 2.  RE: "Allow All" with an SRX for traffic that is staying inside our network?
    Best Answer

     
    Posted 07-03-2019 09:51

    Hi,

     

    All the traffic, irrespective to the Internet or any other destination, the implicit action is deny. To allow any traffic between two differnet zones through the SRX, an explicit allow policy has to be configured. That is the purpose of it as a security device.

     

    Hope this helps.

     

    Thanks,
    Pradeep
    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!



  • 3.  RE: "Allow All" with an SRX for traffic that is staying inside our network?

    Posted 07-03-2019 10:00

    Darn,

     

    I figured as much. 

     

    Just wanted to make sure!