<div>
<div class="content wysiwyg-content">
I have a 3rd party device that's assigned a static IP address 10.10.10.10 which requires these firewall rules - which I simply quote:<br />
Ports to be opened bi-directional:<br />
5003<br />
80<br />
443<br />
So, I've created firewall rules to do this:<br />
Allow all LAN traffic from 10.10.10.10 to ANY<br />
Allow Port 5003 TCP from WAN ANY to 10.10.10.10<br />
Allow Port 80 from WAN ANY to 10.10.10.10<br />
Allow Port 443 from WAN ANY to 10.10.10.10<br />
Currently, I'm using a separate firewall and a separate public IP address to implement this. &nbsp;But, it seems inefficient.<br />
I'm wondering if I can't do the same thing in our Juniper SRX240 - something like this:<br />
Allow all LAN traffic from ???? to WAN ANY - maybe this is already there? &nbsp;Something must be.<br />
Allow Port 5003 TCP from WAN ANY to 10.10.10.10 ONLY<br />
Allow Port 80 from WAN ANY to 10.10.10.10 ONLY<br />
Allow Port 443 from WAN ANY to 10.10.10.10 ONLY<br />
<br />
The idea is that I'd not intended to open any ports at all on the SRX240.<br />
So, opening them ONLY for 10.10.10.10 seems most prudent.<br />
The question I have is HOW? &nbsp;I sure don't want to break the current SRX240 operation.
</div>
</div>


I have a 3rd party device that's assigned a static IP address 10.10.10.10 which requires these firewall rules - which I simply quote:
Ports to be opened bi-directional:
5003
80
443
So, I've created firewall rules to do this:
Allow all LAN traffic from 10.10.10.10 to ANY
Allow Port 5003 TCP from WAN ANY to 10.10.10.10
Allow Port 80 from WAN ANY to 10.10.10.10
Allow Port 443 from WAN ANY to 10.10.10.10
Currently, I'm using a separate firewall and a separate public IP address to implement this.  But, it seems inefficient.
I'm wondering if I can't do the same thing in our Juniper SRX240 - something like this:
Allow all LAN traffic from ???? to WAN ANY - maybe this is already there?  Something must be.
Allow Port 5003 TCP from WAN ANY to 10.10.10.10 ONLY
Allow Port 80 from WAN ANY to 10.10.10.10 ONLY
Allow Port 443 from WAN ANY to 10.10.10.10 ONLY

The idea is that I'd not intended to open any ports at all on the SRX240.
So, opening them ONLY for 10.10.10.10 seems most prudent.
The question I have is HOW?  I sure don't want to break the current SRX240 operation.

Opening Ports for Specific LAN IP Address on Juniper SRX240

Juniper

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.

Networking

Networking hardware includes the physical devices facilitating the use of a computer network. Typically, networking hardware includes gateways, routers, network bridges, modems, wireless access points, networking cables, line drivers, switches, hubs, and repeaters. But it also includes hybrid network devices such as multilayer switches, protocol converters, bridge routers, proxy servers, firewalls, network address translators, multiplexers, network interface controllers, wireless network interface controllers, ISDN terminal adapters and other related hardware.

Networking Hardware-Other

Network Operations includes asset management, help-desk supervision, security and user policies, infrastructure administration and anything else that affects the operation of your network. Discussions will include those of best practices in platforms, configurations, performance, security and accounting.

Network Operations

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.