SRX Next-Gen Firewalls

Latest Discussion Posts

  • Yes looks like it is on the right track. The default policies already in place for the trust and untrust zones will apply to these new interface groups once the vlan.0 and vlan.2 interfaces are assigned to those zones. Naturally, you can customize or ...

  • I figured that out, I had to use interface vlan.2, then the commit check passed. Does my config look sane now? I will try to test.

  • I got the error to stop by changing interfaces-internet to unit 0, so I now have: root# show interfaces interface-range interfaces-trust { member ge-0/0/8; member ge-0/0/9; member ge-0/0/10; member ge-0/0/11; member ge-0/0/12; ...

  • I'm trying to commit the code and getting: commit check [edit] 'unit 2' Only unit 0 is valid for this encapsulation​ I'll build the zones and firewall rules too, once I get the switch group ge-0/0/0-6 defined with a static IP.

  • Yes that would be the vlan and layer 3 configuration. On an SRX if you are still in normal firewall flow mode you will also need to add the layer 3 vlan.0 and vlan.1 interfaces to the desired security zone and then have the necessary security policy ...

Current Members
464 Members
Hidden Member
community Admin
community Admin