Hello,
I'm playing with an SRX300 and I didn't find this in the guides, so...
I wanna have interface ge-0/0/3 in the Untrusted security zone (exposed to the internet).
For this security zone, I've set host-inbound-traffic system-services ike.
From a security perspective, I want to have a whitelist for this 'ike' service, so only my "home office" public IP is able to access and connect via IPsec.
On the other hand, I wish to prevent potential port scanning from getting a response for that (e.g. isakmp) service.
My goal is to have an ike service that will only reply when packets come in from my "home office" public IP.
I hope I explained enough what I wish to achieve.
Thank you.
------------------------------
VM
------------------------------