SRX

Hello, I'm a student messing around with my SRX300, I'm wondering if I can bridge multiple interfaces together similar to BVIs on Cisco ASAs.

For example:

ge-0/0/1 - ge-0/0/3 will be in subnet 192.168.10.0/24 under 'trust' zone - I'll call this 'inside' group

ge-0/0/4 - ge-0/0/5 will be in subnet 192.168.20.0/24 under 'mgmt' zone (custom security zone) - I'll call this 'Management' group

PCs in the 'inside' & 'management' groupswill have a default gateway of 192.168.10.1 and 192.168.20.1 respectively.

 Is it possible to do such a thing? I tried using IRBs to no avail, unless I've been doing it wrong. Thanks!

Mgmt is a special reserved zone name for the functional zone, so use something else.

After that, yes IRBs are the way to go.  Create your VLANs with l3-interface and interface IRB then assign interfaces to vlans and irb to zone.  Write policy as desired.

Hello, I'm a student messing around with my SRX300, I'm wondering if I can bridge multiple interfaces together similar to BVIs on Cisco ASAs.

For example:

ge-0/0/1 - ge-0/0/3 will be in subnet 192.168.10.0/24 under 'trust' zone - I'll call this 'inside' group

ge-0/0/4 - ge-0/0/5 will be in subnet 192.168.20.0/24 under 'mgmt' zone (custom security zone) - I'll call this 'Management' group

PCs in the 'inside' & 'management' groupswill have a default gateway of 192.168.10.1 and 192.168.20.1 respectively.

 Is it possible to do such a thing? I tried using IRBs to no avail, unless I've been doing it wrong. Thanks!

Hi, sorry for the late reply, have been real busy with my internship. I suspect the reason why my initial config didn't work is due to the 'mgmt' name. However, is possible for you to provide a psuedo-config? Thanks!

Mgmt is a special reserved zone name for the functional zone, so use something else.

After that, yes IRBs are the way to go.  Create your VLANs with l3-interface and interface IRB then assign interfaces to vlans and irb to zone.  Write policy as desired.

Hello, I'm a student messing around with my SRX300, I'm wondering if I can bridge multiple interfaces together similar to BVIs on Cisco ASAs.

For example:

ge-0/0/1 - ge-0/0/3 will be in subnet 192.168.10.0/24 under 'trust' zone - I'll call this 'inside' group

ge-0/0/4 - ge-0/0/5 will be in subnet 192.168.20.0/24 under 'mgmt' zone (custom security zone) - I'll call this 'Management' group

PCs in the 'inside' & 'management' groupswill have a default gateway of 192.168.10.1 and 192.168.20.1 respectively.

 Is it possible to do such a thing? I tried using IRBs to no avail, unless I've been doing it wrong. Thanks!

If you look at a factory-default configuration, you'll have several ports in an "inside group" which is essentially what you're looking for.

Hi, sorry for the late reply, have been real busy with my internship. I suspect the reason why my initial config didn't work is due to the 'mgmt' name. However, is possible for you to provide a psuedo-config? Thanks!

Mgmt is a special reserved zone name for the functional zone, so use something else.

After that, yes IRBs are the way to go.  Create your VLANs with l3-interface and interface IRB then assign interfaces to vlans and irb to zone.  Write policy as desired.

Hello, I'm a student messing around with my SRX300, I'm wondering if I can bridge multiple interfaces together similar to BVIs on Cisco ASAs.

For example:

ge-0/0/1 - ge-0/0/3 will be in subnet 192.168.10.0/24 under 'trust' zone - I'll call this 'inside' group

ge-0/0/4 - ge-0/0/5 will be in subnet 192.168.20.0/24 under 'mgmt' zone (custom security zone) - I'll call this 'Management' group

PCs in the 'inside' & 'management' groupswill have a default gateway of 192.168.10.1 and 192.168.20.1 respectively.

 Is it possible to do such a thing? I tried using IRBs to no avail, unless I've been doing it wrong. Thanks!