SRX Next-Gen Firewalls


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Welcome!

If you have a question or a use case, likely there are others who are experiencing or have worked through the same thing. Don't hesitate to jump in and ask or share your knowledge!

Need additional guidance? Check out these Juniper Resources.

  • Juniper Threat Labs
  • SRX Upgrade Guide
  • Security Advisories
  • Technical Bulletins

Latest Discussion Posts

  • The address-book is strictly for matching the IP addresses in the packet headers. A wildcard domain matching would require you to examine the packet payload. On the SRX you can do that with Web Filtering (https://www.juniper.net/documentation/us/en/software/junos/utm/topics/concept/utm-web-filtering-overview.html) ...

  • I don't know if this would do what you're looking for, but you could do something like this: groups { trust-to-untrust { security { policies { from-zone <*> to-zone <*> { policy policy1 { ...

  • Hi all, Referring to this URL https://supportportal.juniper.net/s/article/SRX-DNS-address-book-entries-with-wildcard-is-not-accepted?language=en_US SRX still doesn't have this feature, even though it is already 2024, like other firewalls that support it, such as FortiGate ...

  • Hi all, In the SRX CLI, is it possible to create one global security policy that consists of multiple child rule security policies? I mean, like how we create an address-set and the address-set has multiple address-books. If so, can someone share ...

  • Hello, thanks for your reply. I'll enable auto-snapshot and see what happens... ------------------------------ Georg Pauwen ------------------------------

  • There is a PR 1692526 which probably has something to do with this. The PR is not public, because no customer has reported it yet. It increases SPU utilization, and crashes it eventually. The trigger of this is the firewall events that SPU has to process ...

  • The other great mystery of the universe: dynamic-applications ;) I just try to do rules for internal services (DNS, NTP, AD, or other known ones) as standard rules, and then use AppFW (mostly) for connections to Internet. Of course if the requirement ...
