Type the following command in the [edit security zones] hierarchy. You can see the configured security zones by typing the show command under the [edit security zones] hierarchy. To match source and destination IP addresses in the firewall rule, we need to create an address book. We need to create an address-book entry for the mail server that we have in the Trust-Zone. To create the address, type the following command in the [edit security zones security-zone Trust-Zone] hierarchy. You can type the show command to view the configuration for Trust-Zone so far.
We can see the address book and the interface of this zone in the screenshot shown below. We need to create a firewall rule for traffic coming from Untrust-Zone to Trust-Zone, so we have to be in the [edit security policies from-zone Untrust-Zone to-zone Trust-Zone] hierarchy. Since the traffic is coming from Untrust-Zone, we match any source-address and the destination-address MailServer, then specify the action to take.
We want to permit the traffic and log each session.
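The same rule in set-command form, added here as an example rather than the tutorial's own commands (its screenshots are not reproduced). The policy name Allow-Mail and the address 192.0.2.25 are placeholders, and matching only the junos-smtp application is an assumption: the tutorial does not name an application, but a mail server needs nothing wider from the untrusted side.

```junos
## Added example, not the tutorial's own configuration.
## Zone names follow the text above; 192.0.2.25 is a placeholder address.

## Zone-level address book (the [edit security zones security-zone Trust-Zone]
## hierarchy the tutorial uses): one /32 for the mail server only.
set security zones security-zone Trust-Zone address-book address MailServer 192.0.2.25/32

## Policy for Untrust-Zone -> Trust-Zone: any source, the mail server as the
## only destination. junos-smtp is a Junos default application (assumption:
## the tutorial does not say which application to match).
set security policies from-zone Untrust-Zone to-zone Trust-Zone policy Allow-Mail match source-address any
set security policies from-zone Untrust-Zone to-zone Trust-Zone policy Allow-Mail match destination-address MailServer
set security policies from-zone Untrust-Zone to-zone Trust-Zone policy Allow-Mail match application junos-smtp

## Action: permit, and log both ends of every session so the traffic
## to the mail server can be reviewed later.
set security policies from-zone Untrust-Zone to-zone Trust-Zone policy Allow-Mail then permit
set security policies from-zone Untrust-Zone to-zone Trust-Zone policy Allow-Mail then log session-init
set security policies from-zone Untrust-Zone to-zone Trust-Zone policy Allow-Mail then log session-close
```

Review the result with `show security policies from-zone Untrust-Zone to-zone Trust-Zone` and run `commit check` before committing.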
Similarly, you can create a firewall rule to pass any traffic from Trust-Zone to Untrust-Zone. In this way you can configure firewall rules on a Juniper SRX firewall. You can configure logging to view the traffic for the mail server.

IPSec VPN Configuration Guide for Juniper SSG 20 | Zscaler Customer Community

Choose one of the following IKE versions and configure accordingly.

1. Configure the Tunnel Interfaces
2. Create a Phase 1 Proposal
3. Create a Phase 2 Proposal
4. Configure the IKE Gateways
5. Configure Policy-Based Routing

Configure the Tunnel Interfaces. In the upper-right corner, choose Tunnel IF. Click New.
- Tunnel Interface Name: Enter a number for the tunnel interface name. In this example, it's tunnel.
- DNS Proxy: Deselect.
Click OK.

Create a Phase 1 Proposal.
- Name: Enter a name for the P1 proposal. In this example, it's ZscalerP1.
- Authentication Method: Choose Preshare.
- DH Group: Choose Group.
- Lifetime: Configure a lifetime. In this example, it's 24 hours.

Create a Phase 2 Proposal.
- Name: In this example, it's ZscalerP2.
- Lifetime: In Time: Configure a lifetime. In Kbytes: Ensure it's "0".

Configure the IKE Gateways.
- Version: Choose IKEv2.
- Remote Gateway: Select.
- Static IP Address: Select.
- Peer ID: Leave blank.
Click Advanced.
- Peer: Choose preshare.
- Use As Seed: Leave unselected.
- In this example, it's the FQDN example safemarch.
- Phase 1 Proposal: Choose the P1 proposal you created in 2. Create a Phase 1 Proposal.
- Mode Initiator: You can't modify this field.
- UDP Checksum: Leave unselected.
- Interval: Enter "5".
- Always Send: Select.
- Peer CA: Ensure it's None.
- Peer Type: Choose the peer type. In this example, it's XSIG.
Click Return.

Configure the IKE Gateways. In this example, it's Primary-Gateway.
- Phase 2 Proposal: Choose the P2 proposal you created in 3. Create a Phase 2 Proposal.
- Replay Protection: Select.
- Transport mode: Leave unselected.
- Tunnel interface: Choose the one you created in 1. Configure the Tunnel Interfaces.
- Proxy-ID: Leave unselected.
- VPN Monitor: Select.
- Optimized: Select.
- Rekey: Select.

To configure PBR:
a. Configure an Extended Access Control List
b. Create a Match Group
c. Create an Action Group
d. Create a Policy
e. Bind the Policy to the Trust Interfaces
f. Create Policies for the Security Zones