SRX Next-Gen Firewalls

Latest Discussion Posts

  • For this type of setup you would have all the physical ports be layer two in the same vlan. Then create a virtual layer 3 port for the ip address in the vlan. Depending on the Juniper model the virtual interface is either vlan.# (old style ex/srx) or ...

  • Yes looks like it is on the right track. The default policies already in place for the trust and untrust zones will apply to these new interface groups once the vlan.0 and vlan.2 interfaces are assigned to those zones. Naturally, you can customize or ...

  • I figured that out, I had to use interface vlan.2, then the commit check passed. Does my config look sane now? I will try to test.

  • I got the error to stop by changing interfaces-internet to unit 0, so I now have: root# show interfaces interface-range interfaces-trust { member ge-0/0/8; member ge-0/0/9; member ge-0/0/10; member ge-0/0/11; member ge-0/0/12; ...

  • I'm trying to commit the code and getting: commit check [edit] 'unit 2' Only unit 0 is valid for this encapsulation​ I'll build the zones and firewall rules too, once I get the switch group ge-0/0/0-6 defined with a static IP.

Current Members
464 Members
Hidden Member
community Admin
community Admin