Hello Salvatore Colimoro
Thanks for your reply .Could you please see this and tell which one is deafult security policy ,i see there is two commads that say deafult and says deny-all and premit -all ,Is that the deafult policy which i can not see in GUI .?If yes than why i don't see in GUI ?Any idea ?and also my NAT has started working .
root@SRX300> show security policies
Default policy: deny-all
Default policy log Profile ID: 0
Pre ID default policy: permit-all
From zone: trust, To zone: trust
Policy: trust-to-trust, State: enabled, Index: 4, Scope Policy: 0, Sequence number: 1, Log Profile ID: 0
Source vrf group: any
Destination vrf group: any
Source addresses: any
Destination addresses: any
Applications: any
Source identity feeds: any
Destination identity feeds: any
Action: permit
From zone: trust, To zone: untrust
Policy: trust-to-untrust, State: enabled, Index: 5, Scope Policy: 0, Sequence number: 1, Log Profile ID: 0
Source vrf group: any
Destination vrf group: any
Source addresses: any
Destination addresses: any
Applications: any
Source identity feeds: any
Destination identity feeds: any
Action: permit, log
From zone: untrust, To zone: trust
Policy: RDP, State: enabled, Index: 6, Scope Policy: 0, Sequence number: 1, Log Profile ID: 0
Source vrf group: any
Destination vrf group: any
Source addresses: any
Destination addresses: RDP13
Applications: RDP13-TCP
Source identity feeds: any
Destination identity feeds: any
Action: permit
root@SRX300>
Original Message:
Sent: 12-28-2021 02:46
From: Salvatore Colimoro
Subject: default secuirty policies
you always need a security policy to allow traffic through the zones.
Is Dnat not working? if so and you have the destination ip address x.x.x.x/32 different of the ip address of your untrusted interface, you need to configure the "proxy arp" under the [secuirty nat ] instance.
I hope this helped.
------------------------------
Salvatore Colimoro
Original Message:
Sent: 12-25-2021 16:49
From: Unknown User
Subject: default secuirty policies
Hello Everyone
i m new to Juniper and working on configuring NAT rules.I have configured the SRX300 with setup wizard and i noticed there are none security policy ,is that a normal ?Because my NAT doesn't work that is what made to look on each place to make sure everything is ok .Otherwise the srx300 is working ok because all the devices are connected ok ,like computers,Xbox,IPTVs and stuff.