Firewall rules, also called security policies, are methods of filtering and logging traffic in the network. Juniper firewalls are capable of filtering traffic based on source/destination IP address and port numbers. Juniper SRX series firewall products provide firewall solutions from SOHO networks to large corporate networks. The SRX firewall inspects each packet passing through the device. You can configure firewall rules in Juniper SRX using the command line or the GUI console. Here, I will use the command line to demonstrate firewall rule creation.

Before configuring firewall rules, there are some basic terminologies that are necessary to understand. Elements of Juniper firewall rules are:

Security Zones: Security zones are logical boundaries. Each interface is assigned to a security zone. The interface connected to the Internet is usually named Untrust Zone, and the interface connected to the internal network is usually called Trust Zone. You can create a zone named Accounting Zone for the firewall interface connected to the accounting switch, and so on. Firewall policies (rules) need the source zone and destination zone defined prior to defining the firewall rule.

Policy: This is a policy name that is used to define the firewall rule (policy). For example, if I want to allow traffic from Untrust Zone to Trust Zone then I would name my policy Internet Rule or Internet Policy. Note: Cisco calls it a firewall rule and Juniper calls it a security policy, which is basically the same thing.

IP Address: IP addresses define the source network or hosts and the destination network or hosts. These source and destination addresses are used to match the condition. For example, a policy named My Policy matches a source address of x.x.x.x/x and a destination address of y.y.y.y/y, then we define a condition to allow or block the traffic. Address books are created in zones to match addresses in the rule.

Application: This is a protocol or service that is allowed/denied by the rule. Source address, destination address and application are mandatory match conditions.
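The elements described above (zones, address book, policy name and the three mandatory match conditions) fit together as in the following configuration-mode commands. This is an added example, not taken from the original page: the interface names, the 192.168.10.10/32 address, the WEB-SRV entry name and the Deny-All policy are constructed assumptions, and lines beginning with # are annotations for the reader.

```junos
# Assign each interface to a security zone (interface names are assumed)
set security zones security-zone untrust interfaces ge-0/0/0.0
set security zones security-zone trust interfaces ge-0/0/1.0

# Address book entry created in the trust zone (constructed sample host)
set security zones security-zone trust address-book address WEB-SRV 192.168.10.10/32

# Policy from Untrust Zone to Trust Zone with all three mandatory match conditions
set security policies from-zone untrust to-zone trust policy Internet-Policy match source-address any
set security policies from-zone untrust to-zone trust policy Internet-Policy match destination-address WEB-SRV
set security policies from-zone untrust to-zone trust policy Internet-Policy match application junos-https

# Action for matching traffic, with logging when the session ends
set security policies from-zone untrust to-zone trust policy Internet-Policy then permit
set security policies from-zone untrust to-zone trust policy Internet-Policy then log session-close

# Explicit logged deny for everything else between these zones,
# so dropped traffic shows up in the logs
set security policies from-zone untrust to-zone trust policy Deny-All match source-address any
set security policies from-zone untrust to-zone trust policy Deny-All match destination-address any
set security policies from-zone untrust to-zone trust policy Deny-All match application any
set security policies from-zone untrust to-zone trust policy Deny-All then deny
set security policies from-zone untrust to-zone trust policy Deny-All then log session-init

# Validate the candidate configuration before committing it
commit check
```

The destination address is matched by its address book name, not by the raw prefix, which is why the entry has to exist in the destination zone before the policy is committed.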