Quick Series 18 – SRX Transparent Firewall
Sep 10
Hi,
This post covers the SRX transparent firewall. By definition, it is used for layer-2 connectivity, and by that definition any connectivity to this firewall will be in ETHERNET-BRIDGE.
Requirement – Configure the firewall to support Vlan-101 and make sure it spans correctly from SW-1 to SW-2 via the firewall. Also create a layer-3 interface on the firewall so that the end switches can point other traffic to the firewall, using this IP as the gateway.
Topology
First steps on initial configuration
As we can see, the firewall instructs us to reboot.
What if I try to assign an IP on the firewall's physical interface? We see the error below.
The bridge domain needs to be configured with the appropriate layer-3 IP, but as we can see, you cannot place the layer-3 logical IRB interface into a security zone; you need to tag your physical interfaces instead.
And as usual, do not forget to write intra-zone policies, as the traffic needs to pass between two different interfaces.
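The steps above as one set-style configuration, added here as an example and not taken from the original post. It uses the bridge-domain syntax the post refers to; the interface names, zone, policy and bridge-domain names, and the 192.0.2.1/24 address are assumptions.

```junos
# Added example. ge-0/0/1 (towards SW-1), ge-0/0/2 (towards SW-2), the names
# VLAN-101, L2-TRUST, ALLOW-INTRA and the address 192.0.2.1/24 are assumed.

# Physical interfaces carry family bridge only. No family inet address goes
# on these units; the layer-3 address lives on the IRB interface.
set interfaces ge-0/0/1 unit 0 family bridge interface-mode trunk
set interfaces ge-0/0/1 unit 0 family bridge vlan-id-list 101
set interfaces ge-0/0/2 unit 0 family bridge interface-mode trunk
set interfaces ge-0/0/2 unit 0 family bridge vlan-id-list 101

# Layer-3 interface for Vlan-101, bound to the bridge domain.
set interfaces irb unit 101 family inet address 192.0.2.1/24
set bridge-domains VLAN-101 vlan-id 101
set bridge-domains VLAN-101 routing-interface irb.101

# Only the physical interfaces go into the security zone; irb.101 does not.
set security zones security-zone L2-TRUST interfaces ge-0/0/1.0
set security zones security-zone L2-TRUST interfaces ge-0/0/2.0
# Allow ping to the firewall's own address for the verification step.
set security zones security-zone L2-TRUST host-inbound-traffic system-services ping

# Intra-zone policy: both interfaces sit in the same zone, and traffic
# between them is still subject to policy lookup.
set security policies from-zone L2-TRUST to-zone L2-TRUST policy ALLOW-INTRA match source-address any
set security policies from-zone L2-TRUST to-zone L2-TRUST policy ALLOW-INTRA match destination-address any
set security policies from-zone L2-TRUST to-zone L2-TRUST policy ALLOW-INTRA match application any
set security policies from-zone L2-TRUST to-zone L2-TRUST policy ALLOW-INTRA then permit
```

In production, replace the any/any match with the specific addresses and applications that need to cross the firewall.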
Ping verification from all nodes
Regards
Rakesh M