SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Odd Client request - Shut off Internet on Attack

    Posted 05-24-2023 10:26

    Hello All,

    I'm looking for a bit of guidance or ideas on how to tackle this odd client-requested approach to their security. In summary they have stated:

    "There needs to be software integrated into the firewall infrastructure that is set to detect an attack and then effectively disconnects the network from the outside world. The Local LAN is to continue to operate in isolation until the connectivity is restored once the firewall software permits this to happen"

    We can agree the client doesn't appreciate the quarantine/traffic isolation capability of the Firewall and is fixated on disconnecting the physical internet.  I have advised the possibility of false positives and also asked for a definition of an attack but unlikely to get anything meaningful.

    We have a pair of SRX1500s with SW SRX1500 IPS and AppSecure with SW.

    I'm thinking some sort of Alert profile that sends a trap to a destination that triggers a physical relay sitting inline to disconnect the WAN connection. How I define the criteria for this is an unknown so any ideas would be appreciated.

    Thanks, David




    ------------------------------
    DAVID FIELD
    ------------------------------


  • 2.  RE: Odd Client request - Shut off Internet on Attack

    Posted 05-25-2023 07:20

    Perhaps an automation that just takes the WAN port to the down mode would meet this requirement.  

    Scripting this would be more straightforward than the physical solution and more easily restored. You would just need to ensure the detection and automation platforms are behind the same SRX and not dependent on the WAN for access.

    Perhaps an OOB mgmt network would also be a way to connect and manage and monitor the SRX during the WAN outage.  Using OOB cellular networks for that access if the control needs to be off site.



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: Odd Client request - Shut off Internet on Attack

    This message was posted by a user wishing to remain anonymous
    Posted 05-26-2023 16:22

    I think the harder aspect of this request is defining what an attack will be - if it's too strict (like shutdown WAN on any C&C block), internet access may seldom be available.
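An added example, not code from any poster in this thread: a sketch of the WAN-down automation suggested in reply 2, with the trigger definition that reply 3 calls the hard part made explicit as a severity filter plus a sliding-window threshold. The interface name, window, threshold and the simplified log lines are all assumptions; on a clustered SRX pair the WAN side may be a `reth` interface instead.

```python
import re
from collections import deque
from datetime import datetime, timedelta

WAN_IF = "ge-0/0/0"                 # assumption: WAN-facing interface
WINDOW = timedelta(seconds=60)      # assumption: correlation window
THRESHOLD = 3                       # assumption: events needed to trip
SEVERITIES = {"CRITICAL"}           # assumption: what counts as an "attack"

# Constructed sample lines, simplified from SRX IDP syslog output.
SAMPLE = """\
2023-05-26T16:00:01 srx1 RT_IDP: IDP_ATTACK_LOG_EVENT: src=198.51.100.7 threat-severity=MINOR action=DROP
2023-05-26T16:00:05 srx1 RT_IDP: IDP_ATTACK_LOG_EVENT: src=203.0.113.9 threat-severity=CRITICAL action=DROP
2023-05-26T16:03:10 srx1 RT_IDP: IDP_ATTACK_LOG_EVENT: src=203.0.113.9 threat-severity=CRITICAL action=DROP
2023-05-26T16:03:20 srx1 RT_IDP: IDP_ATTACK_LOG_EVENT: src=203.0.113.9 threat-severity=CRITICAL action=DROP
2023-05-26T16:03:45 srx1 RT_IDP: IDP_ATTACK_LOG_EVENT: src=203.0.113.10 threat-severity=CRITICAL action=DROP
""".splitlines()

LINE = re.compile(r"^(\S+) \S+ RT_IDP: IDP_ATTACK_LOG_EVENT: .*threat-severity=(\w+)")

def first_trip(lines, threshold=THRESHOLD, window=WINDOW):
    """Return the timestamp at which the kill switch would trip, or None."""
    recent = deque()
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(2) not in SEVERITIES:
            continue                      # ignore noise and low severities
        ts = datetime.fromisoformat(m.group(1))
        recent.append(ts)
        while ts - recent[0] > window:    # drop events outside the window
            recent.popleft()
        if len(recent) >= threshold:
            return ts
    return None

def junos_commands(isolate):
    """Config-mode commands to isolate or restore the WAN interface."""
    verb = "set" if isolate else "delete"
    return [f"{verb} interfaces {WAN_IF} disable", "commit"]

if __name__ == "__main__":
    print("strict (any critical event):", first_trip(SAMPLE, threshold=1))
    print("windowed (3 in 60 s):       ", first_trip(SAMPLE))
    print(junos_commands(isolate=True))
```

With the constructed sample, a trip-on-any-critical rule cuts the WAN at the first isolated event, while the windowed rule waits for a burst; the commands would have to be pushed over a path that does not depend on the WAN, as reply 2 notes.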