3XLcom
asked on
Juniper SSG520 network
I have a new juniper ssg520 and my network topology as given below.
Is it possible to program juniper as transparent mode and watch / keep just the selected ip addresses not all of them ?
for ex. i have 10 c class ip address and i just want to activate syn protection for 5 - 10 single ip address
juniper.png
Is it possible to program juniper as transparent mode and watch / keep just the selected ip addresses not all of them ?
for ex. i have 10 c class ip address and i just want to activate syn protection for 5 - 10 single ip address
juniper.png
ASKER
What do you mean with zones ;
I am sorry i am newbee on juniper. so should i create zone with creating a vlan on cisco or juniper ?
or what should i do more ? i do not want to make the device busy for unnecessary ip addresses that does not get any attack ?
I am sorry i am newbee on juniper. so should i create zone with creating a vlan on cisco or juniper ?
or what should i do more ? i do not want to make the device busy for unnecessary ip addresses that does not get any attack ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you please check oiut my other juniper questions also
SYN Protection is part of the Screening options, and those are appliable only to zones, not IP addresses. And since an Interface can only belong to a single zone, you need to use different interfaces then. You do not need physical interfaces, subinterfaces (loopback) work fine with it.