SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SSH to SRX from untrusted network?

    Posted 30 days ago

    I'd like to be able to SSH to the public IP of my SRX from my headquarters office. I have an object already for the HQ IP range. The public IP on the SRX is on the untrust network. I created a rule permitting SSH from HQ (via untrust) to untrust, but I'm not able to SSH to the SRX itself.

    I am able to SSH to it via IPSec but would like an alternate way to reach the SRX.  

    I'm sure I'm missing something, just can't figure out what.  



    ------------------------------
    JOHN MUNOZ
    ------------------------------


  • 2.  RE: SSH to SRX from untrusted network?

    Posted 30 days ago

    On the SRX, security policies only apply to traffic that passes through the device, in one interface and out another one.

    For traffic that terminates on the SRX device itself you would need to do two things.

    Allow the protocol on the zone and/or the desired interfaces for the zone level.

    Then, if you want to restrict the source IP addresses, also create a junos-host zone policy to permit the connection.

    An example is here:

    https://supportportal.juniper.net/s/article/SRX-Configuration-Example-How-to-limit-self-traffic-using-Security-Policies?language=en_US



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------
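
The two steps described in the reply above, written out as Junos set commands. This is an added example, not part of the original posts or the linked article; the interface `ge-0/0/0.0`, the address name `HQ-NET`, the documentation prefix `203.0.113.0/24` and the policy names are assumptions to replace with your own values.

```junos
# Step 1: allow SSH as host-inbound traffic on the untrust-facing interface.
# Assumption: ge-0/0/0.0 is the interface holding the public IP.
set system services ssh
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh

# Step 2: restrict who may reach the device itself with a junos-host policy.
# Assumption: 203.0.113.0/24 stands in for the HQ range (documentation prefix).
set security address-book global address HQ-NET 203.0.113.0/24

set security policies from-zone untrust to-zone junos-host policy allow-ssh-from-hq match source-address HQ-NET
set security policies from-zone untrust to-zone junos-host policy allow-ssh-from-hq match destination-address any
set security policies from-zone untrust to-zone junos-host policy allow-ssh-from-hq match application junos-ssh
set security policies from-zone untrust to-zone junos-host policy allow-ssh-from-hq then permit

# Explicit deny for every other source, logged so rejected attempts are visible.
set security policies from-zone untrust to-zone junos-host policy deny-ssh-other match source-address any
set security policies from-zone untrust to-zone junos-host policy deny-ssh-other match destination-address any
set security policies from-zone untrust to-zone junos-host policy deny-ssh-other match application junos-ssh
set security policies from-zone untrust to-zone junos-host policy deny-ssh-other then deny
set security policies from-zone untrust to-zone junos-host policy deny-ssh-other then log session-init
```

Applying this with `commit confirmed` from the existing IPsec session keeps a way back in if the new policy locks out management access. An untrust-to-untrust policy is not needed for this, since the SSH session terminates on the SRX rather than passing through it.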