• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1017
  • Last Modified:

Disable ping between IP's - Juniper SRX

Hi Folks,

 
I would like to a partcular ip not to be pinged by other zones . So just to make it simple, if i just say source and destination with ping to deny, will it allow other services

-----------------------------------------
set security policies from-zone Y-BFLY to-zone MGMT-IN policy Y-BFLY-OUT match source-address SZ-Y-BFLY
set security policies from-zone Y-BFLY to-zone MGMT-IN policy Y-BFLY-OUT match destination-address any
set security policies from-zone Y-BFLY to-zone MGMT-IN policy Y-BFLY-OUT match application junos-icmp-all
set security policies from-zone Y-BFLY to-zone MGMT-IN policy Y-BFLY-OUT then deny

Regards,

SID
0
infiniti7181
Asked:
infiniti7181
  • 2
1 Solution
 
Sanga CollinsSystems AdminCommented:
Hi Sid, as long as you have a policy below the ones that block PING to allow other traffic, other services will run. Juniper processes policy in order so a block policy before an allow policy will take precedence.
0
 
infiniti7181Author Commented:
Hi,
Just to confirm what i typed the command earlier

Source A with Desitnation B with application ICMP to be denied . This means Source A with Destination  B will allow other services . Correct me if i am wrong.

Thanks for your help and support.

Regards,
SID
0
 
Sanga CollinsSystems AdminCommented:
You need:
#1 source A to Destination B, ICMP deny.

and after that you still need:
#2 source A to destination B 'other traffic' allow

when and ICMP packet matching #1 hits the juniper it will be dropped. If it does not match #1, it will traverse the device using rule #2

Note rule #2 may be covered by other rules like zone trust to zone untrust allow.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now