Junos OS


Firewall Filter Settings for DynDNS Client on SRX Device using lo-filter for management access control

  • 1.  Firewall Filter Settings for DynDNS Client on SRX Device using lo-filter for management access control

    Posted 01-11-2022 10:30
    Dear Experts, 

    I am wondering if there is somebody here who can support me in this issue a little bit?

    I need to work temporarily with a dynamic public IP address.

    To get the VPN tunnels up and running, I modified the IKE and IPSEC configuration accordingly, and this works great.

    Then I set up DDNS services on the SRX 220, and it works as long as I do NOT use the firewall lo-filter for management access control.

    root@SRX220# show system services dynamic-dns
    client host {
        server dyndns;
        agent xxx.dyndns.org;
        username abd;
        password "xxx"; ## SECRET-DATA
        interface pp0.0;
    }

    Now to my question:

    Which exceptions have to be set in the firewall filter settings so that the connection to dyndns (dyn.com) works correctly with the highest possible security standards?

    Does any of you have experience with this?

    [edit firewall filter lo-filter]
    root@SRX220# show
    term ddns {
        from {
            protocol [ tcp udp ]; #????
            source-port [ 53 80 ]; #?????
            destination-port [ 53 80 ]; #?????
        }
        then accept;
    }

    Any help is greatly appreciated! 

    Thank you in advance.

    Kind regards, 
    Steve


    ------------------------------
    Thomas
    ------------------------------