IMPLEMENTATION GUIDE
Implementation Tasks
The SRX Series administrator needs to perform the following configuration steps that are specific to creating an end-
1. Create the
2. Create an FBF that is used to redirect specific traffic from the User LAN to the V10000 P1 port.
3. Add a security policy from
4. Create an access control filter (called a “firewall filter” in Junos OS) to selectively identify the traffic to be redirected to the V10000. For the purpose of this implementation guide example, this is HTTP and HTTPS traffic only.
5. Attach the redirecting
6. Add a security policy from
7. Add the V10000 “C” port to the management security zone address book. This step is necessary so that the V10000 can redirect the user Web browser to the “C” port for blocked sites or Web protocols.
8. Create a
9. Add a security policy from
10. Add any Network Address Translation (NAT) necessary to support both
There are two general approaches for configuring Junos OS devices for solution integration with partner products. The first, and most common, is manually provisioning these steps. This implementation guide presents this detailed information in a
SRX Series Configuration Using Junos Automation
Junos OS natively supports the ability to extend and customize the configuration and operational elements of the SRX Series using Junos automation capabilities. The key benefit of using Junos automation is that the network administrator is not required to manually provision the SRX Series with the specific Junos OS commands. Instead, the administrator needs only to provision the relevant V10000 information, and the SRX Series automatically creates the required configuration. By using this technique, the administrator can be assured that all required configuration steps are properly completed, thereby reducing errors and enabling a faster installation.
For example, in the reference network the following is known:
• The management security zone is attached to SRX Series interface
• The
• The V10000 appliance:
• The User LAN:
6 | Copyright © 2010, Juniper Networks, Inc. |