?
Solved

juniper firewall passing same vlan traffic accross multiple interfaces

Posted on 2012-08-22
2
Medium Priority
?
868 Views
Last Modified: 2012-09-04
wondering if  a juniper srx240 firewall which has multiple interfaces configured with the same set of vlans will pass the layer2 traffic to end devices.  In other words if I trunk interface 1 with switch 1 using vlans A,B,C and interface 2 with switch 2 using vlans A,B,C can devices from switch 1 vlan B communicate with devices in switch 2 vlan B as if they were directly connected?

thanks
0
Comment
Question by:FREDARCE
2 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 38324551
You would need firewall policies permitting inter or intra zone policies depending in which security zone you keep interface 1 and 2.
Please note srx is a firewall device and by default does not permit inter or intra zone traffic.

For more information on configuring policies please look at link below:
http://kb.juniper.net/KB16553

Also look at jumpstation:
http://kb.juniper.net/KB15694

Please implement and update.

Thank you.
0
 
LVL 32

Accepted Solution

by:
harbor235 earned 2000 total points
ID: 38324854
You need transparent mode:
example:
interfaces {
    ge-0/0/0 {
        unit 0 {
            family bridge {
                interface-mode access;
                vlan-id 10;
            }
        }
    }
    ge-0/0/7 {
        unit 0 {
            family bridge {            
                interface-mode access;
                vlan-id 10;


here is a good link:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB21421&cat=SRX_240&actp=LIST


harbor235 ;}
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question