Log in to ask questions, share your expertise, or stay connected to content you value. Don’t have a login? Learn how to become a member.
Thanks for the info Ronin.... could you by chance also take a look at my reply on this thread? I am still having issues with Dynamic VPN. I am very new to JUNOS, and this forum seems heaven sent if people like you can assist. Thanks again!
I think the discussion may have gone a bit off track.. If you're looking to do transparent mode firewalling like ScreenOS, then yes, that's only available in SRX 3000 and 5000 series.
I believe, however, that you're just looking to emulate a bgroup, like an SSG. That's actually fairly simple. Syntax is identical to EX switches. A ScreenOS bgroup is roughly equivalent to a JUNOS vlan+rvi (routed vlan interface).
An example that will make a bgroup out of the first 4 ports on an SRX210, and assign IP 192.168.1.1/24:
set int ge-0/0/0.0 family ethernet-switching
set int ge-0/0/1.0 family ethernet-switching
set int fe-0/0/2.0 family ethernet-switching
set int fe-0/0/3.0 family ethernet-switching
set vlans default l3-interface vlan.0
set int vlan.0 family inet addr 192.168.1.1/24
Note that you can't have both family ethernet-switching and family inet configured at the same time on the same interface. At that point, you'll need to assign vlan.0 to a zone, just like it was a physical interface.
I just finished SRX training last week and got my brand shiny new SRX210 (it's kind of like Christmas in summer 🙂
Playing with config's and this one works just great - ge&fe in a bridge group are no problem.
Your very own 210? You lucky guy!! With IDP license? What's more to wish for?!
Thank you very much for your answer, will try it soon!
I tried on J-serie PIM and on chassis ports of a srx 210. Works realy cool. Same config as a EX.