
Opening Ports for Specific LAN IP Address on Juniper SRX240

Last Modified: 2017-03-31
I have a 3rd party device that's assigned a static IP address 10.10.10.10 which requires these firewall rules - which I simply quote:
Ports to be opened bi-directional:
5003
80
443
So, I've created firewall rules to do this:
Allow all LAN traffic from 10.10.10.10 to ANY
Allow Port 5003 TCP from WAN ANY to 10.10.10.10
Allow Port 80 from WAN ANY to 10.10.10.10
Allow Port 443 from WAN ANY to 10.10.10.10
Currently, I'm using a separate firewall and a separate public IP address to implement this.  But, it seems inefficient.
I'm wondering if I can't do the same thing in our Juniper SRX240 - something like this:
Allow all LAN traffic from ???? to WAN ANY - maybe this is already there?  Something must be.
Allow Port 5003 TCP from WAN ANY to 10.10.10.10 ONLY
Allow Port 80 from WAN ANY to 10.10.10.10 ONLY
Allow Port 443 from WAN ANY to 10.10.10.10 ONLY

The idea is that I'd not intended to open any ports at all on the SRX240.
So, opening them ONLY for 10.10.10.10 seems most prudent.
The question I have is HOW?  I sure don't want to break the current SRX240 operation.
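Added example, not part of the original post or of any reply on this page: one way the rules listed in the question could be written as Junos configuration-mode commands, scoped to 10.10.10.10 and the three ports only. The zone names `trust`/`untrust`, every object name, and the public address 203.0.113.10 are assumptions or placeholders; destination NAT is assumed because 10.10.10.10 is a private address.

```junos
# Added example. Names in CAPS, the zone names and 203.0.113.10 are placeholders.

# Address object for the single device. Uses the global address book; if the
# existing config uses zone-attached address books, define it there instead.
set security address-book global address DEVICE-10 10.10.10.10/32

# Custom application for TCP 5003 (80 and 443 use predefined junos-http/junos-https)
set applications application TCP-5003 protocol tcp destination-port 5003

# Destination NAT: placeholder public address -> 10.10.10.10, one rule per port
set security nat destination pool DEVICE-10-POOL address 10.10.10.10/32
set security nat destination rule-set WAN-IN from zone untrust
set security nat destination rule-set WAN-IN rule DEV-5003 match destination-address 203.0.113.10/32
set security nat destination rule-set WAN-IN rule DEV-5003 match destination-port 5003
set security nat destination rule-set WAN-IN rule DEV-5003 then destination-nat pool DEVICE-10-POOL
set security nat destination rule-set WAN-IN rule DEV-80 match destination-address 203.0.113.10/32
set security nat destination rule-set WAN-IN rule DEV-80 match destination-port 80
set security nat destination rule-set WAN-IN rule DEV-80 then destination-nat pool DEVICE-10-POOL
set security nat destination rule-set WAN-IN rule DEV-443 match destination-address 203.0.113.10/32
set security nat destination rule-set WAN-IN rule DEV-443 match destination-port 443
set security nat destination rule-set WAN-IN rule DEV-443 then destination-nat pool DEVICE-10-POOL

# Inbound policy: evaluated after destination NAT, so it matches the translated
# address. Only DEVICE-10 and only the three applications are permitted.
set security policies from-zone untrust to-zone trust policy ALLOW-DEVICE-10 match source-address any
set security policies from-zone untrust to-zone trust policy ALLOW-DEVICE-10 match destination-address DEVICE-10
set security policies from-zone untrust to-zone trust policy ALLOW-DEVICE-10 match application TCP-5003
set security policies from-zone untrust to-zone trust policy ALLOW-DEVICE-10 match application junos-http
set security policies from-zone untrust to-zone trust policy ALLOW-DEVICE-10 match application junos-https
set security policies from-zone untrust to-zone trust policy ALLOW-DEVICE-10 then permit
set security policies from-zone untrust to-zone trust policy ALLOW-DEVICE-10 then log session-init

# Outbound policy, only needed if the existing trust-to-untrust policy does not
# already permit the LAN (check the current policy before adding this).
set security policies from-zone trust to-zone untrust policy DEVICE-10-OUT match source-address DEVICE-10
set security policies from-zone trust to-zone untrust policy DEVICE-10-OUT match destination-address any
set security policies from-zone trust to-zone untrust policy DEVICE-10-OUT match application any
set security policies from-zone trust to-zone untrust policy DEVICE-10-OUT then permit

# Validate, then commit with automatic rollback after 5 minutes unless confirmed
commit check
commit confirmed 5
```

If the session survives and the device is reachable as expected, a plain `commit` within the five minutes makes the change permanent; otherwise the SRX rolls back on its own. A public address that is not the WAN interface's own address additionally needs a proxy-ARP entry on that interface.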

IT Engineer
CERTIFIED EXPERT
Distinguished Expert 2017
Commented:
Fred Marshall, Principal
CERTIFIED EXPERT

Author

Commented:
Tom:  Thanks!
Tom Cieslik, IT Engineer
CERTIFIED EXPERT
Distinguished Expert 2017

Commented:
Thank You Fred :)