SRX

 View Only
last person joined: 21 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Enable next IP to access FTP site in our firewall

    Posted 04-01-2023 01:05
    Edited by Rakesh A 04-01-2023 01:55


    Hi Guys,please help on below requirement...Client is asking like below...…we using srx firewall

    Please your support to enable next IP to access FTP site in our firewall,

    what is the theory behind that.....

    Source IP : 192.168.85.x

    Destiny IP :  10.22.182.y

    Port: 22

    VLAN 35


    Thanks
    Rakesh



    ------------------------------
    Rakesh A
    ------------------------------



  • 2.  RE: Enable next IP to access FTP site in our firewall

    Posted 04-01-2023 12:27

    You would need to determine the security zone associated with the source and destination address.  This would be found by seeing what interface of the SRX would be pointing towards those hosts and then which zone those layer 3 interfaces are assigned to.  Once you have the zone names you can create a security policy to permit the traffic similar to this.

    set security zones security-zone SourceZone address-book address host1 192.168.85.x/32

    set security zones security-zone DestZone address-book address host2 10.22.182.x/32

    set security policies from-zone SourceZone to-zone DestZone policy AllowFTP match source-address host1

    set security policies from-zone SourceZone to-zone DestZone policy AllowFTP match destination-address host2

    set security policies from-zone SourceZone to-zone DestZone policy AllowFTP match application junos-ftp

    set security policies from-zone SourceZone to-zone DestZone policy AllowFTP then permit



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: Enable next IP to access FTP site in our firewall

    Posted 04-05-2023 00:06

    Hi Spuluka,

    Thank you for your help.

    Regards
    Rakesh



    ------------------------------
    Rakesh A
    ------------------------------