[j-nsp] Block externals ip to firewall srx240

Karsten Thomann karsten_thomann at linfre.de
Tue Jan 10 14:18:34 EST 2017


I would use junos-host if the device needs to be managed from the untrust 
network. I have the impression it shouldn't be possible to manage it at all 
from the untrust zone, and then I would disable all management protocols from 
the system-service section within the untrust zone.

Karsten

On Tuesday, 10 January 2017, 10:09:37, Kevin Shymkiw wrote:
> My apologies - it is called the junos-host zone at this point:
> 
> https://kb.juniper.net/InfoCenter/index?page=content&id=KB24227&actp=search
> 
> Kevin
> 
> On Tue, Jan 10, 2017 at 10:07 AM, Kevin Shymkiw <kshymkiw at gmail.com> wrote:
> > David,
> > 
> > https://www.juniper.net/documentation/en_US/junos12.1x44/topics/concept/security-policy-for-self-traffic-understanding.html
> > 
> > It is called self-traffic-policy. If your version doesn't support this -
> > then you would need to do the old school method of using a Firewall Filter
> > on Lo0.
> > 
> > Kevin
> > 
> > On Tue, Jan 10, 2017 at 9:45 AM, David Samaniego <david1984ba at gmail.com> wrote:
> >> Hi,
> >> 
> >> I have a Juniper SRX240 in firewall mode. I created an Untrust zone to
> >> control the traffic access from the Internet to my LAN. Everything works
> >> fine, but I need to block all the connections to my device, for example
> >> block SSH or HTTPS. The idea is to deny all attempts to manage my device
> >> through the Internet.
> >> 
> >> I tried to create a policy to deny all the inbound traffic to my interface
> >> IP (Untrust zone), but it doesn't work and keeps allowing the access.
> >> 
> >> Any ideas on how to implement this?
> >> 
> >> Thanks.
> >> 
> >> Sebastián
> >> _______________________________________________
> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
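
Added example, not part of the original thread: the three approaches mentioned above (host-inbound-traffic, a junos-host policy, a lo0 firewall filter) in Junos set format. The interface ge-0/0/0.0, the management prefix 192.0.2.0/24 and the names deny-mgmt and protect-re are assumptions made for illustration.

```junos
# 1) Stop the untrust zone from accepting management protocols at all.
#    Host-inbound services can be set at zone or interface level; clear both.
#    If "system-services all" is configured, delete that statement instead.
delete security zones security-zone untrust host-inbound-traffic system-services ssh
delete security zones security-zone untrust host-inbound-traffic system-services https
delete security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
delete security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services https

# 2) Self-traffic policy: traffic addressed to the SRX itself is matched with
#    to-zone junos-host, not with a policy towards the untrust zone.
set security policies from-zone untrust to-zone junos-host policy deny-mgmt match source-address any
set security policies from-zone untrust to-zone junos-host policy deny-mgmt match destination-address any
set security policies from-zone untrust to-zone junos-host policy deny-mgmt match application junos-ssh
set security policies from-zone untrust to-zone junos-host policy deny-mgmt match application junos-https
set security policies from-zone untrust to-zone junos-host policy deny-mgmt then deny

# 3) Releases without junos-host: firewall filter on lo0. It sees host-bound
#    traffic from every interface, so permit the management prefix first and
#    finish with an accept term so other host traffic is not cut off.
set firewall family inet filter protect-re term mgmt-allow from source-address 192.0.2.0/24
set firewall family inet filter protect-re term mgmt-allow from protocol tcp
set firewall family inet filter protect-re term mgmt-allow from destination-port [ 22 443 ]
set firewall family inet filter protect-re term mgmt-allow then accept
set firewall family inet filter protect-re term mgmt-deny from protocol tcp
set firewall family inet filter protect-re term mgmt-deny from destination-port [ 22 443 ]
set firewall family inet filter protect-re term mgmt-deny then discard
set firewall family inet filter protect-re term everything-else then accept
set interfaces lo0 unit 0 family inet filter input protect-re

# Apply with automatic rollback in case the change locks out management access.
commit confirmed 5
```

After committing, `show security policies from-zone untrust to-zone junos-host` shows whether the self-traffic policy is in place; confirm the change with a second `commit` inside the five-minute window.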
