You would need to determine the security zone associated with the source and destination address. This would be found by seeing what interface of the SRX would be pointing towards those hosts and then which zone those layer 3 interfaces are assigned to. Once you have the zone names you can create a security policy to permit the traffic similar to this.
set security zones security-zone SourceZone address-book address host1 192.168.85.x/32
set security zones security-zone DestZone address-book address host2 10.22.182.x/32
set security policies from-zone SourceZone to-zone DestZone policy AllowFTP match source-address host1
set security policies from-zone SourceZone to-zone DestZone policy AllowFTP match destination-address host2
set security policies from-zone SourceZone to-zone DestZone policy AllowFTP match application junos-ftp
set security policies from-zone SourceZone to-zone DestZone policy AllowFTP then permit
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
------------------------------
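Added example, not part of either post: the zone lookup described in the reply, a variant of the policy, and checks that it matches before and after commit. The predefined junos-ftp application matches FTP control on TCP 21; the question lists port 22, which junos-ssh (TCP 22) covers, so this variant uses that. Assumptions: host addresses .10 and .20 are constructed stand-ins for the masked octets, the policy name AllowSFTP is hypothetical, and SourceZone, DestZone, host1 and host2 are the reply's placeholders with the address-book entries already configured.

```junos
# --- Operational mode: find the zone for each host ---
# 1. Which interface does the SRX use to reach each host?
#    (constructed addresses standing in for 192.168.85.x and 10.22.182.y)
show route 192.168.85.10
show route 10.22.182.20
# 2. Which zone is each of those interfaces bound to?
show security zones

# --- Configuration mode: permit only TCP 22 between the two hosts ---
configure
set security policies from-zone SourceZone to-zone DestZone policy AllowSFTP match source-address host1
set security policies from-zone SourceZone to-zone DestZone policy AllowSFTP match destination-address host2
set security policies from-zone SourceZone to-zone DestZone policy AllowSFTP match application junos-ssh
set security policies from-zone SourceZone to-zone DestZone policy AllowSFTP then permit
# Log each permitted session so the access leaves an audit trail
set security policies from-zone SourceZone to-zone DestZone policy AllowSFTP then log session-close
# Review the pending change and validate it before it takes effect
show | compare
commit check
# Roll back automatically after 5 minutes unless a plain "commit" confirms it
commit confirmed 5
commit
exit

# --- Operational mode: verify the policy is the one that matches ---
# Policy lookup for a simulated flow (source port 1024 is arbitrary)
show security match-policies from-zone SourceZone to-zone DestZone source-ip 192.168.85.10 destination-ip 10.22.182.20 source-port 1024 destination-port 22 protocol tcp
# Policy definition and counters
show security policies from-zone SourceZone to-zone DestZone policy-name AllowSFTP detail
# Live sessions once the client connects
show security flow session destination-prefix 10.22.182.20 destination-port 22
```

If match-policies returns a different policy name, an earlier policy in the same zone pair is matching first, since policies are evaluated in order within a from-zone/to-zone context.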
Original Message:
Sent: 04-01-2023 01:04
From: Rakesh A
Subject: Enable next IP to access FTP site in our firewall
Hi Guys, please help on below requirement... Client is asking like below... we are using SRX firewall
Please your support to enable next IP to access FTP site in our firewall,
what is the theory behind that.....
Source IP : 192.168.85.x
Destination IP : 10.22.182.y
Port: 22
VLAN 35
Thanks
Rakesh
------------------------------
Rakesh A
------------------------------