Hello
I am initiating a source ping from an interface configured on the SRX and am still able to ping a network on the other firewall, although there is no policy configured and default-deny is also there:
SRXA# run ping 192.168.6.1 interface fe-0/0/1.0
PING 192.168.6.1 (192.168.6.1): 56 data bytes
64 bytes from 192.168.6.1: icmp_seq=0 ttl=64 time=3.553 ms
64 bytes from 192.168.6.1: icmp_seq=1 ttl=64 time=2.923 ms
64 bytes from 192.168.6.1: icmp_seq=2 ttl=64 time=2.854 ms
SRXA# run show security policies
Default policy: deny-all
SRXA# run show route
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 1d 00:23:37
> to 192.168.10.101 via fe-0/0/0.0
SRXA# run show security zones detail
Security zone: lab
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Interfaces bound: 1
Interfaces:
fe-0/0/1.0
Security zone: untrust
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Interfaces bound: 1
Interfaces:
fe-0/0/0.0
Hostname: SRXA
Model: srx110h-va
JUNOS Software Release [11.4R7.5]
How is the SRX allowing interzone traffic on the same firewall without any policy? I don't have physical access to the firewalls now, that's why I am doing an interface ping.
Regards
Kashif