This post covers the SRX transparent firewall. By definition, transparent mode is used for layer-2 connectivity, so any interface connecting to this firewall will be in ETHERNET-BRIDGE mode.

Requirement – Configure the firewall to support VLAN 101 and make sure it spans correctly from SW-1 to SW-2 via the firewall, then create a layer-3 interface on the firewall so that the end switches can point other traffic to the firewall using this IP as their gateway.



First steps on initial configuration


As we can see, the firewall instructs us to reboot.

If I try to assign an IP address to the firewall's physical interface, we see the error below.


The bridge domain needs to be configured with the appropriate layer-3 IP, but as we can see, you cannot place your layer-3 logical IRB interface in a security zone; you need to tag your physical interfaces into the zone instead.

And as usual, do not forget to write intra-zone policies, as the traffic needs to pass between two different interfaces.
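
A sketch of the configuration these steps describe, in Junos set-command form using the older `family bridge` / `bridge-domains` style the post refers to. This is an added example, not the author's original configuration; the interface names, bridge-domain, zone and policy names, the access-mode ports and the 192.0.2.1/24 address are assumptions.

```junos
# Assumed: ge-0/0/1 faces SW-1 and ge-0/0/2 faces SW-2.
# Layer-2 ports carry VLAN 101. Changing an interface to family bridge
# is the step after which the firewall asks for a reboot.
set interfaces ge-0/0/1 unit 0 family bridge interface-mode access
set interfaces ge-0/0/1 unit 0 family bridge vlan-id 101
set interfaces ge-0/0/2 unit 0 family bridge interface-mode access
set interfaces ge-0/0/2 unit 0 family bridge vlan-id 101

# The layer-3 address lives on the IRB unit, not on the physical ports.
# 192.0.2.1/24 is a placeholder address.
set interfaces irb unit 101 family inet address 192.0.2.1/24

# Bridge domain for VLAN 101, bound to the IRB unit.
set bridge-domains BD-VLAN101 domain-type bridge
set bridge-domains BD-VLAN101 vlan-id 101
set bridge-domains BD-VLAN101 routing-interface irb.101

# The zone takes the physical logical units; irb.101 is not a zone member.
set security zones security-zone L2-TRUST interfaces ge-0/0/1.0
set security zones security-zone L2-TRUST interfaces ge-0/0/2.0
# Allow ping to the firewall itself so the IRB address can be verified.
set security zones security-zone L2-TRUST host-inbound-traffic system-services ping

# Intra-zone policy: both ports sit in the same zone, and traffic between
# them is still evaluated against policy. Narrow the any/any match to the
# real addresses and applications outside a lab.
set security policies from-zone L2-TRUST to-zone L2-TRUST policy INTRA-L2 match source-address any
set security policies from-zone L2-TRUST to-zone L2-TRUST policy INTRA-L2 match destination-address any
set security policies from-zone L2-TRUST to-zone L2-TRUST policy INTRA-L2 match application any
set security policies from-zone L2-TRUST to-zone L2-TRUST policy INTRA-L2 then permit
set security policies from-zone L2-TRUST to-zone L2-TRUST policy INTRA-L2 then log session-close
```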


Ping verification from all nodes



Rakesh M