I have a 3rd party device that's assigned a static IP address 10.10.10.10 which requires these firewall rules - which I simply quote:
Ports to be opened bi-directional:
So, I've created firewall rules to do this:
Allow all LAN traffic from 10.10.10.10 to ANY
Allow Port 5003 TCP from WAN ANY to 10.10.10.10
Allow Port 80 from WAN ANY to 10.10.10.10
Allow Port 443 from WAN ANY to 10.10.10.10
Currently, I'm using a separate firewall and a separate public IP address to implement this, but it seems inefficient.
I'm wondering if I can't do the same thing in our Juniper SRX240 - something like this:
Allow all LAN traffic from ???? to WAN ANY - maybe this is already there? Something must be.
Allow Port 5003 TCP from WAN ANY to 10.10.10.10 ONLY
Allow Port 80 from WAN ANY to 10.10.10.10 ONLY
Allow Port 443 from WAN ANY to 10.10.10.10 ONLY
The idea is that I'd not intended to open any ports at all on the SRX240.
So, opening them ONLY for 10.10.10.10 seems most prudent.
The question I have is HOW? I sure don't want to break the current SRX240 operation.