I was wondering whether I should write a short article for beginners on quickly configuring an SRX firewall.
I don't know how many people will find it useful, but I hope it will be for those who are using an SRX for
the first time in their life. Let's get started.
Our topology in this tutorial is below:
[edit]
root# load factory-default
warning: activating factory configuration
[edit]
root# set system root-authentication plain-text-password
New password:
Retype new password:
[edit]
root# set system host-name srx220
[edit]
root# commit
commit complete
[edit]
root@srx220#
Once we commit the changes, we should see the new hostname srx220 in the prompt.
Commit is required to save and activate your changes.
es ge-0/0/0
es ge-0/0/1
#set interfaces ge-0/0/0 unit 0 family inet address 192.168.100.38/24
#set interfaces ge-0/0/1 unit 0 family inet address 192.168.239.1/24
Internal clients will be able to reach the SRX itself (i.e. the ping and ssh services
towards the SRX will be enabled).
#set security zones security-zone internal interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
#set security zones security-zone internal interfaces ge-0/0/1.0 host-inbound-traffic system-services ssh
#set security zones security-zone internet interfaces ge-0/0/0.0
Now we have assigned an interface to each zone. To mention it again: if you don't add the services
(e.g. ssh and ping) under the internal zone, you can neither connect to the box via ssh nor ping its
internal interface IP.
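To check which zones actually accept traffic addressed to the firewall itself, the following is an added example (not from the original article) that parses `set`-style configuration lines and flags management services enabled on an untrusted zone. The sample input is constructed from the tutorial's zone statements plus one hypothetical line, and the function names and the `MGMT` service list are assumptions of this example.

```python
import re
from collections import defaultdict

# Matches zone-level and interface-level host-inbound-traffic statements
# as they appear in "set" form, with or without the leading '#' prompt.
HIT = re.compile(
    r"^#?\s*set security zones security-zone (?P<zone>\S+) "
    r"(?:interfaces (?P<ifc>\S+) )?host-inbound-traffic "
    r"system-services (?P<svc>\S+)\s*$"
)

# Services treated as management access to the firewall (assumed list).
MGMT = {"ssh", "telnet", "http", "https", "all", "any-service"}

def inbound_services(config_text):
    """Return {(zone, interface or '*'): set of allowed system-services}."""
    allowed = defaultdict(set)
    for line in config_text.splitlines():
        m = HIT.match(line.strip())
        if m:
            # '*' marks a statement set on the zone rather than one interface
            allowed[(m["zone"], m["ifc"] or "*")].add(m["svc"])
    return dict(allowed)

def exposed_management(config_text, untrusted_zones):
    """List (zone, interface, service) where an untrusted zone accepts management traffic."""
    findings = []
    for (zone, ifc), svcs in sorted(inbound_services(config_text).items()):
        if zone in untrusted_zones:
            findings += [(zone, ifc, s) for s in sorted(svcs & MGMT)]
    return findings

# Constructed sample: the tutorial's three zone statements, plus one
# hypothetical line that would open SSH on the internet-facing zone.
SAMPLE = """\
#set security zones security-zone internal interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
#set security zones security-zone internal interfaces ge-0/0/1.0 host-inbound-traffic system-services ssh
#set security zones security-zone internet interfaces ge-0/0/0.0
#set security zones security-zone internet host-inbound-traffic system-services ssh
"""

if __name__ == "__main__":
    for key, svcs in inbound_services(SAMPLE).items():
        print(key, sorted(svcs))
    print("exposed:", exposed_management(SAMPLE, {"internet"}))
```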
You may also need to source NAT internal clients to your outside interface IP address. Here is
how we configure source NAT on the SRX:
First, start by deleting any leftover NAT rules.
#set security nat source rule-se
#set security nat source rule-se
#set security nat source rule-se
#commit