
IMPLEMENTATION GUIDE - Juniper Networks SRX Series Services Gateways/Websense V10000

admin@SRX# show interfaces ge-0/0/1
description "To User LAN network";
unit 0 {
    family inet {
        address 192.168.5.1/24;
    }
}

admin@SRX# show security zones
security-zone user-lan {
    address-book {
        address local-hosts 192.168.5.0/24;
    }
    interfaces {
        ge-0/0/1.0;
    }
}

4. Create an access control filter (called a “firewall filter” in Junos OS) to selectively identify the traffic to be redirected to the V10000. For the purpose of this implementation guide example, this is HTTP and HTTPS traffic only. The following firewall configuration has two terms. The first term matches the traffic to be redirected (HTTP/HTTPS) and, when a match is found, places that traffic into the forwarding instance created in the prior step. That forwarding instance does one thing—it forwards the traffic to the V10000 P1 port. The second term accepts all other (non-redirected) traffic. This term is very important: if it is left out, all other traffic is silently discarded, because a firewall filter ends with an implicit “deny” as its final rule.

admin@SRX# show firewall
family inet {
    filter redirect-to-V10000-alpha {
        term web-traffic {
            from {
                protocol tcp;
                port [ http https ];
            }
            then {
                routing-instance to-P1-V10000-alpha;
            }
        }
        term default {
            then accept;
        }
    }
}

5. Attach the redirecting firewall filter to the physical interface connected to the User LAN network segment. The filter created in the prior step is applied to the interface as an input filter, shown in the filter stanza below.

admin@SRX# show interfaces ge-0/0/1
description "To User LAN network";
unit 0 {
    family inet {
        filter {
            input redirect-to-V10000-alpha;
        }
    }
}
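The two pitfalls in steps 4 and 5 (a filter that lacks an unconditional accept as its last term, so unmatched traffic falls into the implicit deny, and a filter that is defined but never applied to the interface) can be checked mechanically before a commit. The following Python script is an added example and is not code from the Juniper guide or from Junos OS: it parses Junos-style curly-brace configuration text with a small parser written here (not Junos' own parser or a Juniper library), then reports a filter whose last term is conditional or does not accept, whose terms redirect to a routing instance that is not defined, or which is not applied as an input filter on any interface. The configuration text it audits is constructed for the example, and the routing-instance stanza (instance-type forwarding) is assumed, since this page does not show the instance created in the prior step.

```python
def parse_junos(text):
    """Parse Junos curly-brace configuration text into nested dicts.

    A container line ('name {') becomes a dict stored under 'name';
    a leaf line ('statement;') is appended to its container's '_stmts' list.
    """
    root = {"_stmts": []}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "}":
            stack.pop()
        elif line.endswith("{"):
            child = {"_stmts": []}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        elif line.endswith(";"):
            stack[-1]["_stmts"].append(line[:-1].strip())
        else:
            raise ValueError(f"unrecognised configuration line: {raw!r}")
    if len(stack) != 1:
        raise ValueError("unbalanced braces in configuration")
    return root


def term_actions(term):
    """Collect a term's actions, written either 'then accept;' or 'then { ... }'."""
    actions = {s[len("then "):] for s in term["_stmts"] if s.startswith("then ")}
    if "then" in term:
        actions.update(term["then"]["_stmts"])
    return actions


def audit_filter(config_text, filter_name):
    """Return a list of findings for an inet firewall filter; [] means it passed."""
    cfg = parse_junos(config_text)
    findings = []
    inet = cfg.get("firewall", {}).get("family inet", {})
    flt = inet.get(f"filter {filter_name}")
    if flt is None:
        return [f"filter {filter_name} is not defined under 'firewall family inet'"]
    terms = [(k.split(" ", 1)[1], v) for k, v in flt.items() if k.startswith("term ")]
    if not terms:
        return [f"filter {filter_name} has no terms"]
    # Every 'then routing-instance X' must point at a defined instance.
    defined = {k for k in cfg.get("routing-instances", {}) if k != "_stmts"}
    for name, term in terms:
        for action in term_actions(term):
            if action.startswith("routing-instance "):
                ri = action.split(" ", 1)[1]
                if ri not in defined:
                    findings.append(f"term {name} redirects to undefined routing instance {ri}")
    # The last term must accept unconditionally; otherwise traffic matching no
    # term falls through to the filter's implicit deny and is silently discarded.
    last_name, last_term = terms[-1]
    if "from" in last_term or "accept" not in term_actions(last_term):
        findings.append(f"last term {last_name} is not an unconditional accept; "
                        "unmatched traffic hits the implicit deny")
    # A filter does nothing until it is applied as an input filter on an interface.
    applied = False
    for ifname, ifc in cfg.get("interfaces", {}).items():
        if ifname == "_stmts":
            continue
        for unit, u in ifc.items():
            if unit == "_stmts":
                continue
            stmts = u.get("family inet", {}).get("filter", {}).get("_stmts", [])
            if f"input {filter_name}" in stmts:
                applied = True
    if not applied:
        findings.append(f"filter {filter_name} is not applied as an input filter on any interface")
    return findings


def sample_config(default_term=True, define_instance=True, attach=True):
    """Constructed configuration text (not the page's own) in several variants.
    The routing-instance stanza is assumed; the page does not show that instance."""
    ri = ("routing-instances {\n    to-P1-V10000-alpha {\n"
          "        instance-type forwarding;\n    }\n}\n") if define_instance else ""
    dflt = ("            term default {\n                then accept;\n"
            "            }\n") if default_term else ""
    ifc = ("interfaces {\n    ge-0/0/1 {\n        unit 0 {\n            family inet {\n"
           "                filter {\n                    input redirect-to-V10000-alpha;\n"
           "                }\n                address 192.168.5.1/24;\n            }\n"
           "        }\n    }\n}\n") if attach else ""
    fw = ("firewall {\n    family inet {\n        filter redirect-to-V10000-alpha {\n"
          "            term web-traffic {\n                from {\n"
          "                    protocol tcp;\n                    port [ http https ];\n"
          "                }\n                then {\n"
          "                    routing-instance to-P1-V10000-alpha;\n"
          "                }\n            }\n" + dflt + "        }\n    }\n}\n")
    return ri + ifc + fw


if __name__ == "__main__":
    for variant in ({}, {"default_term": False, "define_instance": False, "attach": False}):
        print(variant, audit_filter(sample_config(**variant), "redirect-to-V10000-alpha"))
```

Run against the page's two-term filter the audit returns no findings; dropping the default term produces exactly the implicit-deny finding, which is the failure the guide warns about. The parser keeps only the structure needed for this check (containers and leaf statements), so it is a linting aid for candidate configuration text, not a substitute for Junos' own commit check.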

Copyright © 2010, Juniper Networks, Inc.
