IMPLEMENTATION GUIDE - Juniper Networks SRX Series Services Gateways/Websense V10000
admin@SRX# show interfaces
family inet {
address 192.168.5.1/24;
}
}
admin@SRX# show security zones
address
}
interfaces {
}
}
4. Create an access control filter (called a “firewall filter” in Junos OS) to selectively identify the traffic to be redirected to the V10000. For the purpose of this implementation guide example, this is HTTP and HTTPS traffic only. The following firewall configuration has two terms. The first term matches the traffic targeted for redirection (HTTP/HTTPS) and places matching traffic into the forwarding instance created in the prior step. That forwarding instance does one thing: it forwards the traffic to the V10000 P1 port. The second term accepts all other (non-redirected) traffic. This term is very important: if it is left out, all other traffic is silently discarded, because a firewall filter has an implicit “deny” as its last term.
admin@SRX# show firewall
family inet {
    filter
            from {
                protocol tcp;
                port [ http https ];
            }
            then {
            }
        }
        term default {
            then accept;
        }
    }
}
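The first-match evaluation and the implicit final deny described in step 4 can be checked with a small model. This is an added example, not part of the Juniper guide: the instance name REDIRECT, the term name redirect-web and the sample packets are constructed, and the model assumes the Junos behaviour that the `port` condition matches either the source or the destination port.

```python
# Added illustration: first-match model of a Junos firewall filter.
# "REDIRECT" and "redirect-web" are hypothetical names, not from the guide.
from dataclasses import dataclass, field

IMPLICIT = "discard (implicit)"  # applied when no term matches

@dataclass
class Term:
    name: str
    action: str                  # "accept" or "routing-instance <name>"
    protocol: str = ""           # empty string means "match any protocol"
    ports: set = field(default_factory=set)  # empty set means "match any port"

    def matches(self, pkt):
        if self.protocol and pkt["proto"] != self.protocol:
            return False
        # Assumption stated above: "port" matches source OR destination port.
        if self.ports and not ({pkt["sport"], pkt["dport"]} & self.ports):
            return False
        return True

def evaluate(terms, pkt):
    """Return the action of the first matching term, else the implicit discard."""
    for term in terms:
        if term.matches(pkt):
            return term.action
    return IMPLICIT

def has_catch_all_accept(terms):
    """Audit check: does the filter end with an unconditional accept term?"""
    last = terms[-1] if terms else None
    return bool(last and last.action == "accept"
                and not last.protocol and not last.ports)

redirect = Term("redirect-web", "routing-instance REDIRECT", "tcp", {80, 443})
WITH_DEFAULT = [redirect, Term("default", "accept")]
WITHOUT_DEFAULT = [redirect]  # the misconfiguration the guide warns about

# Constructed sample packets (not captured traffic).
PACKETS = {
    "http":  {"proto": "tcp", "sport": 40000, "dport": 80},
    "https": {"proto": "tcp", "sport": 40001, "dport": 443},
    "dns":   {"proto": "udp", "sport": 40002, "dport": 53},
    "ssh":   {"proto": "tcp", "sport": 40003, "dport": 22},
}

if __name__ == "__main__":
    for label, terms in (("with default", WITH_DEFAULT), ("without default", WITHOUT_DEFAULT)):
        print(label, "| catch-all accept:", has_catch_all_accept(terms))
        for name, pkt in PACKETS.items():
            print(f"  {name:5} -> {evaluate(terms, pkt)}")
```

Because the match is on either port, a packet with source port 80 arriving on the filtered interface is also handed to the forwarding instance, which is worth confirming against the intended traffic direction.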
5. Attach the redirecting
admin@SRX# show interfaces
family inet {
    filter {
        input
    }
}
}
Copyright © 2010, Juniper Networks, Inc.