From the course: Juniper Security Policies Fundamentals
Host inbound traffic examination
- [Instructor] Traffic that is destined for the Junos device itself is referred to as host inbound traffic. Since the destination is the interface itself, this traffic terminates on the device. Security policies are not evaluated for host inbound traffic. On the SRX device, host inbound traffic needs to be configured under the security zone definition, as a list of allowed services and protocols.

Before configuring host inbound traffic, let's try to ping the trust interface of the SRX device. To do this, I'm going to switch to a device that's sitting in the trust zone of the firewall. I'm at a terminal window, and I'm going to try ping 192.168.1.1. 192.168.1.1 is the IP address configured on the inside interface of the SRX. As you can see, the requests are being timed out. This is because I haven't permitted ICMP as host inbound traffic.

I'll keep this ping request going and switch to another tab where I'm already logged into the Junos device. I'm first going to enter configuration…
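The following is an added example, not part of the course material: a small Python audit of a Junos set-format configuration that reports whether a given system service is accepted as host inbound traffic on a zone or interface, and which zones use the catch-all keywords. The sample configuration, zone names and interface names are constructed, only system-services entries are modelled, and the check relies on the Junos behaviour that an interface-level host-inbound-traffic list overrides the zone-level list.

```python
import re

# Constructed sample in Junos "set" format (zone and interface names are assumptions).
SAMPLE_CONFIG = """\
set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone trust host-inbound-traffic system-services ssh
set security zones security-zone untrust host-inbound-traffic system-services all
set security zones security-zone untrust host-inbound-traffic system-services telnet except
set security zones security-zone dmz interfaces ge-0/0/2.0 host-inbound-traffic system-services ping
set security zones security-zone dmz host-inbound-traffic system-services ssh
"""

# Matches zone-level and interface-level system-services entries, with optional "except".
LINE = re.compile(
    r"^set security zones security-zone (?P<zone>\S+)"
    r"(?: interfaces (?P<ifc>\S+))?"
    r" host-inbound-traffic system-services (?P<name>\S+)"
    r"(?P<exc> except)?\s*$"
)

def parse(config):
    """Return {(zone, interface_or_None): {"allow": set, "except": set}}."""
    rules = {}
    for line in config.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a host-inbound-traffic system-services line
        entry = rules.setdefault((m["zone"], m["ifc"]),
                                 {"allow": set(), "except": set()})
        entry["except" if m["exc"] else "allow"].add(m["name"])
    return rules

def is_allowed(rules, zone, ifc, service):
    """Interface-level settings, when present, override the zone-level list."""
    entry = rules.get((zone, ifc)) or rules.get((zone, None))
    if entry is None or service in entry["except"]:
        return False  # nothing configured (or excluded): the device drops it
    return bool(entry["allow"] & {service, "all", "any-service"})

def broad_grants(rules):
    """Zones/interfaces that use catch-all keywords instead of an explicit list."""
    return sorted((zone, ifc or "*") for (zone, ifc), entry in rules.items()
                  if entry["allow"] & {"all", "any-service"})
```

With the constructed trust zone above, `is_allowed(parse(SAMPLE_CONFIG), "trust", "ge-0/0/1.0", "ping")` is false, which matches the timed-out ping in the demonstration: only ssh is listed for that zone.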