Junos OS

 View Only
last person joined: 21 hours ago 

Ask questions and share experiences about Junos OS.

Firewall Filter Settings for DynDNS Client on SRX Device using lo-filter for management access control

  • 1.  Firewall Filter Settings for DynDNS Client on SRX Device using lo-filter for management access control

    Posted 01-11-2022 10:30
    Dear Experts, 

    I am wondering if there is somebody here who can support me in this isssue a little bit?

    I need to work temporarily with a dynamic public IP address.

    To get the VPN tunnels up and run I modified the IKE and IPSEC configuration accordingly and this works great. 

    Then I have setup ddns services on the SRX 220 and it works as long I do NOT use firewall lo-filter for management access control 

    root@SRX220# show system services dynamic-dns
    client host {
    server dyndns;
    agent xxx.dyndns.org;
    username abd;
    password "xxx"; ## SECRET-DATA
    interface pp0.0;
    }

    Now to my question:

    Which exceptions have to be set in the firewall filter settings so that the connection to dyndns (dyn.com) works correctly with the highest possible security standards?

    Does any of you have experience with this?

    [edit firewall filter lo-filter]
    root@SRX220# show
    term ddns {
    from {
    protocol [ tcp udp ]; #????
    source-port [ 53 80 ]; #?????
    destination-port [ 53 80 ]; #?????
    }
    then accept;
    }

    Any help is greatly appreciated! 

    Thank you in advance.

    Kind regards, 
    Steve


    ​​​

    ------------------------------
    Thomas
    ------------------------------