Hi everyone,
I have just started configuring an SRX100 and cannot get the router and firewall filter configuration working, so please help. I describe the details below.
- I have a local network with multiple VLANs: 172.16.0.xxx, 172.16.1.xxx, ..., 172.16.240.xxx, and one control VLAN: 172.16.0.xxx
- I have SRX100 with fe-0/0/3 : 172.16.0.3 and ISP1 : fe-0/0/1 :192.168.99.22 and 1 ISP2: fe-0/0/7: 192.168.110.22
- I created security zones so that some IPs access the internet via ISP1 and some IPs via ISP2, but at the moment all traffic goes out through ISP1 only.
The configuration I created is below. Could anyone help me fix this problem?
/* Interface stanza as pasted. The closing brace of "interfaces" does not appear
   before "firewall" below, so this is an excerpt rather than a loadable config. */
interfaces {
/* fe-0/0/0: only the PPPoE encapsulation is shown; no address is configured on it in this paste. */
fe-0/0/0 {
unit 0 {
encapsulation ppp-over-ether;
}
}
/* ISP1 uplink, 192.168.99.22/24. */
fe-0/0/1 {
unit 0 {
description ISP1;
family inet {
address 192.168.99.22/24;
}
}
}
/* LAN-facing interface, 172.16.0.3/24. The input filter 2nd-ISP is evaluated for
   packets arriving on this unit; it is the only place in this paste where traffic
   is steered towards the second routing instance. */
fe-0/0/3 {
unit 0 {
family inet {
filter {
input 2nd-ISP;
}
address 172.16.0.3/24;
}
}
}
/* ISP2 uplink, 192.168.110.22/24. */
fe-0/0/7 {
unit 0 {
description ISP2;
family inet {
address 192.168.110.22/24;
}
}
}
/* Filter-based forwarding: filter 2nd-ISP is applied as an input filter on fe-0/0/3.0. */
firewall {
family inet {
filter 2nd-ISP {
/* term 0: packets whose source address is in 172.16.6.0/24 are forwarded using
   routing instance 2nd-router (default route via 192.168.110.1, the ISP2 side).
   This is the only source prefix listed, so no other VLAN is diverted to ISP2. */
term 0 {
from {
source-address {
172.16.6.0/24;
}
}
then {
routing-instance 2nd-router;
}
}
/* term 1: all remaining traffic is accepted and forwarded by the main table,
   whose default route points at 192.168.99.1 (the ISP1 side). */
term 1 {
then accept;
}
}
}
}
/* Main routing table (inet.0). */
routing-options {
/* Interface routes are shared through rib-group 2nd-router so that the forwarding
   instance can resolve next hops on the directly connected networks. */
interface-routes {
rib-group inet 2nd-router;
}
static {
/* Default route for traffic that filter 2nd-ISP does not divert: 192.168.99.1 on the ISP1 subnet. */
route 0.0.0.0/0 next-hop 192.168.99.1;
/* Internal destinations reached through next hops on the 172.16.0.0/24 LAN segment. */
route 172.18.0.0/16 next-hop 172.16.0.2;
route 192.168.201.0/24 next-hop 172.16.0.2;
route 172.16.0.0/16 next-hop [ 172.16.0.254 172.16.0.253 ];
}
rib-groups {
2nd-router {
/* Routes using this group are installed in inet.0 and also in 2nd-router.inet.0. */
import-rib [ inet.0 2nd-router.inet.0 ];
}
}
}
/* Routing instance referenced by term 0 of filter 2nd-ISP. */
routing-instances {
2nd-router {
/* "forwarding" is the instance type used for filter-based forwarding. */
instance-type forwarding;
routing-options {
static {
/* Default route for diverted traffic: 192.168.110.1 on the ISP2 subnet. */
route 0.0.0.0/0 next-hop 192.168.110.1;
/* Same three internal routes as in the main table; presumably repeated so that
   internal destinations stay reachable for traffic handled by this instance. */
route 172.18.0.0/16 next-hop 172.16.0.2;
route 192.168.201.0/24 next-hop 172.16.0.2;
route 172.16.0.0/16 next-hop [ 172.16.0.254 172.16.0.253 ];
}
}
}
}
/* Security zones (fragment). No "security policies" or "security nat" stanza is
   included in this paste.
   NOTE(review): with the SRX in flow mode (the default), transit traffic towards
   ISP2 also needs a permitting policy from zone Internal to the zone that holds
   fe-0/0/7.0 and, normally, source NAT on that egress interface. Confirm that
   both exist before concluding that the filter-based forwarding is at fault. */
zones {
security-zone Internal {
address-book {
address 172.16.0.201 172.16.0.201/32;
/* NOTE(review): this entry is a /32 on the network address of Internal_Net (172.16.201.0/24); confirm whether /24 was intended. */
address 172.16.201.0/32 172.16.201.0/32;
address Internal_Net 172.16.201.0/24;
address Active_update 172.16.210.252/32;
address Dev_UV_Gia 172.16.4.30/32;
address ECUS_SYS_01 172.16.4.72/32;
address ECUS_SYS_02 172.16.4.178/32;
}
interfaces {
fe-0/0/3.0 {
/* Services the SRX itself accepts on the LAN interface. telnet and http carry
   credentials in cleartext; ssh and https, also enabled here, cover the same
   management access. */
host-inbound-traffic {
system-services {
ping;
dhcp;
http;
https;
ssh;
telnet;
}
}
}
}
}
/* NOTE(review): the security-zone header for this interface is missing from the
   paste; three closing braces follow it with no matching opener. fe-0/0/7 is
   described above as ISP2, so as written this list lets the ISP-facing side reach
   ping, dhcp, http, https, ssh and telnet on the device itself. Management
   services are normally left out of host-inbound-traffic on an uplink zone; if
   remote administration over this link is really required, keep only ssh/https
   and limit the permitted source addresses. */
fe-0/0/7.0 {
host-inbound-traffic {
system-services {
ping;
dhcp;
http;
https;
ssh;
telnet;
}
}
}
}
}
}
------------------------------
HONG NGUYEN DINH
------------------------------