What is the communication that is currently blocked?
What is permitted on the link will depend on whether it is transit traffic through the SRX zones or self traffic between the devices and what the protocols involved are.
What you show so far should cover things like ospf between the SRX and other protocols but any transit traffic would also need a security policy created.
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home------------------------------
Original Message:
Sent: 03-07-2023 22:59
From: Anonymous
Subject: Communication through 2 srx not establishing
This message was posted by a user wishing to remain anonymous
Hi,
Two srx not communicating,the ports are configured as trunk with allowed vlans.
The SRX models are SRX 550 and SRX 345, SRX connected each other using fiber link.
Please find attached screenshot and advise.
SRX 550 Config
set interfaces ge-0/0/8 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/8 unit 0 family ethernet-switching vlan members srx550
set interfaces irb unit 90 family inet address 10.0.0.3/24 vrrp-group 1 virtual-address 10.0.0.1
set interfaces irb unit 90 family inet address 10.0.0.3/24 vrrp-group 1 priority 202
set interfaces irb unit 90 family inet address 10.0.0.3/24 vrrp-group 1 preempt
set interfaces irb unit 90 family inet address 10.0.0.3/24 vrrp-group 1 accept-data
set security zones security-zone srx550 host-inbound-traffic system-services all
set security zones security-zone srx550 host-inbound-traffic protocols all
set security zones security-zone srx550 interfaces irb.90
set vlans srx550 vlan-id 90
set vlans srx550 l3-interface irb.90
SRX 345 Config
set interfaces ge-0/0/12 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members srx345
set interfaces irb unit 90 family inet address 10.0.0.4/24 vrrp-group 1 virtual-address 10.0.0.2
set interfaces irb unit 90 family inet address 10.0.0.4/24 vrrp-group 1 priority 202
set interfaces irb unit 90 family inet address 10.0.0.4/24 vrrp-group 1 preempt
set interfaces irb unit 90 family inet address 10.0.0.4/24 vrrp-group 1 accept-data
set security zones security-zone srx345 host-inbound-traffic system-services all
set security zones security-zone srx345 host-inbound-traffic protocols all
set security zones security-zone srx345 interfaces irb.90
set vlans s345 vlan-id 90
set vlans s345 l3-interface irb.90