SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  How to block Public IP

    Posted 03-17-2023 02:01
    Edited by Rakesh A 03-17-2023 04:37

    Hi Guys,

    We have the requirement below from a client; we are using an SRX 1500 firewall. Please help us check this.

    "We received a request from the government to block the IP 141.y.x.x from being reached by the users attached to the network."

    Can we block this on the Firewall?

    Thanks in advance.

    Regards,

    Rakesh



    ------------------------------
    Rakesh A
    ------------------------------



  • 2.  RE: How to block Public IP

     
    Posted 03-17-2023 05:51

    Hello Rakesh,

    You can configure a security policy and apply it at the top so that the traffic will be blocked.

    Example:

    set security address-book global address BLOCKED-Address 192.168.0.1

    set security policies from-zone trust to-zone untrust policy test match source-address any
    set security policies from-zone trust to-zone untrust policy test match destination-address BLOCKED-Address
    set security policies from-zone trust to-zone untrust policy test match application any
    set security policies from-zone trust to-zone untrust policy test match dynamic-application any
    set security policies from-zone trust to-zone untrust policy test then deny

    insert security policies from-zone trust to-zone untrust policy test before policy <policy name which is on top>

    Regards,



    ------------------------------
    Brijil R
    ------------------------------



  • 3.  RE: How to block Public IP

    Posted 03-23-2023 07:11

    We have zones like below:

    Trust zone is: GI-INT

    Untrust zone is: GI-EXT

    These are the firewall policies already configured on trust and untrust:

    set security policies from-zone GI-INT to-zone GI-EXT policy test match source-address any
    set security policies from-zone GI-INT to-zone GI-EXT policy test match destination-address any
    set security policies from-zone GI-INT to-zone GI-EXT policy test match application any
    set security policies from-zone GI-INT to-zone GI-EXT policy test then permit

    I have created a template like the one below, as you mentioned. My doubt is whether I have to configure a new policy for blocking the IP address ("Test" is already the policy), or I have to paste "Test", the policy already configured in previous … Please help on this.

    set security policies from-zone GI-INT to-zone GI-EXT policy test match source-address any
    set security policies from-zone GI-INT to-zone GI-EXT policy test match destination-address 141.101.121.238
    set security policies from-zone GI-INT to-zone GI-EXT policy test match application any
    set security policies from-zone GI-INT to-zone GI-EXT policy test match dynamic-application any
    insert security policies from-zone GI-INT to-zone GI-EXT policy test before policy <policy name which is on top>

    insert security policies from-zone GI-INT to-zone GI-EXT policy test before policy test

    Thanks

    Rakesh



    ------------------------------
    Rakesh A
    ------------------------------
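
Added example, not part of any post in this thread and not Juniper code: a simplified Python model of ordered, first-match policy evaluation, showing that a separately named deny policy appended after the thread's permit-any policy `test` is shadowed until it is moved ahead of it with `insert ... before`. The names `BLOCK-IP` and `BLOCKED-HOST` are hypothetical, the input is constructed from the statements posted above, and only the destination address is evaluated because the thread's policies use `any` for source and application.

```python
import ipaddress
import re

# Constructed input: the thread's existing permit policy plus a new, separately
# named deny policy. BLOCK-IP and BLOCKED-HOST are hypothetical names.
CONFIG = """\
set security address-book global address BLOCKED-HOST 141.101.121.238/32
set security policies from-zone GI-INT to-zone GI-EXT policy test match source-address any
set security policies from-zone GI-INT to-zone GI-EXT policy test match destination-address any
set security policies from-zone GI-INT to-zone GI-EXT policy test match application any
set security policies from-zone GI-INT to-zone GI-EXT policy test then permit
set security policies from-zone GI-INT to-zone GI-EXT policy BLOCK-IP match source-address any
set security policies from-zone GI-INT to-zone GI-EXT policy BLOCK-IP match destination-address BLOCKED-HOST
set security policies from-zone GI-INT to-zone GI-EXT policy BLOCK-IP match application any
set security policies from-zone GI-INT to-zone GI-EXT policy BLOCK-IP then deny
"""
INSERT = "insert security policies from-zone GI-INT to-zone GI-EXT policy BLOCK-IP before policy test"

ADDR = re.compile(r"set security address-book global address (\S+) (\S+)")
POL = re.compile(r"(?:set|insert) security policies from-zone (\S+) to-zone (\S+) policy (\S+) (.+)")

def load(lines):
    """Return (address book, ordered policy list); a new policy is appended last."""
    book, order, pols = {"any": ipaddress.ip_network("0.0.0.0/0")}, [], {}
    for line in lines:
        if m := ADDR.fullmatch(line.strip()):
            book[m[1]] = ipaddress.ip_network(m[2])
        elif m := POL.fullmatch(line.strip()):
            key, rest = (m[1], m[2], m[3]), m[4].split()
            if rest[0] == "before":  # insert ... before policy <name>
                order.remove(key)
                order.insert(order.index((m[1], m[2], rest[2])), key)
                continue
            if key not in pols:
                pols[key] = {}
                order.append(key)
            if rest[:2] == ["match", "destination-address"]:
                pols[key]["dst"] = rest[2]
            elif rest[0] == "then":
                pols[key]["action"] = rest[1]
    return book, [(k, pols[k]) for k in order]

def verdict(lines, src_zone, dst_zone, dst_ip):
    """First matching policy wins; with no match the model falls through to deny."""
    book, policies = load(lines)
    for (fz, tz, name), p in policies:
        if (fz, tz) == (src_zone, dst_zone) and ipaddress.ip_address(dst_ip) in book[p["dst"]]:
            return name, p["action"]
    return None, "deny"
```

Calling `verdict(CONFIG.splitlines(), "GI-INT", "GI-EXT", "141.101.121.238")` returns the permit from `test`; appending `INSERT` to the lines changes the result to the deny from `BLOCK-IP`, while other destinations still match `test`.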