Monday, September 30, 2019

Questions about Juniper SRX firewall config/operation

Hi,

I am trying to understand if we could do the following with a Juniper SRX3000 series firewall.

We are behind our organization's data center firewall. We are one of the units behind the firewall. Our default gateway for our externally routed subnets is on the SRX firewall. We would like to bring down the routing (for all our subnets, both internal and external) to our new layer 3 switches and use the SRX as our default next hop. Our network and infosec team are saying that the SRX cannot operate as a transit router (I don't know the proper term for this function) without massive changes to its config and how the firewall is operated. I tried to understand the necessary changes by reading the SRX manual. I couldn't find any info on how the firewall needs to be changed to act as a transit router with filtering.

Can you throw some light on this issue? Is the firewall operation that different between it acting as a default gateway vs. a transit router?

Thanks!


