Juniper Networks V10000 Network Router User Manual

8 Copyright © 2010, Juniper Networks, Inc.
IMPLEMENTATION GUIDE - Juniper Networks SRX Series Services Gateways/Websense V10000
2. Create an FBF (filter-based forwarding) configuration that redirects specific traffic from the User LAN to the V10000 P1 port.
This technique requires a forwarding-type routing instance whose only route is a single next hop to the V10000 P1 port.
The forwarding instance has its own independent routing table, which is what allows the routing rules for the redirected
traffic to differ from the main table. To populate the forwarder's routing table correctly, a policy-statement must be
defined that imports only the route for the interface facing the V10000 P1 port (in this case ge-2/0/1) and rejects
everything else.
admin@SRX# show policy-options
policy-statement only-web-redirect-interface {
    term allow {
        from {
            instance master;
            interface ge-2/0/1.0;
        }
        then accept;
    }
    term reject {
        then reject;
    }
}
The next part is to define the forwarding instance and import only the interface route selected by the
only-web-redirect-interface routing policy. The forwarding instance has a single default route (0.0.0.0/0) whose next hop
is the V10000 P1 address 192.168.10.12. This is the configuration that sends all traffic entering the instance to the
V10000 P1 port for processing.
admin@SRX# show routing-instances
to-P1-V10000-alpha {
    instance-type forwarding;
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 192.168.10.12;
        }
        instance-import only-web-redirect-interface;
    }
}
3. Add a security policy from the user-lan zone to the web-redirect zone. This step is necessary so that any traffic selected
for redirection is permitted to reach the V10000; the policy itself does not choose the traffic. A separate access control
list is used to specify explicitly which traffic is actually redirected.
admin@SRX# show security policies
from-zone user-lan to-zone web-redirect {
    policy permit-all {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit;
        }
    }
}
Note that this step as shown assumes the user-lan security zone has already been set up. If it has not, do the following to
first configure the physical interface and then the security zone. The security zone definition includes an address book
entry that identifies the local hosts on the user-lan network; this address book entry is used in a later step that
defines a specific security policy.
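As an added consistency check, not part of the Juniper guide, the following Python script parses the three stanzas above (policy-statement, forwarding instance and zone policy) from a constructed config text and verifies that they agree: the forwarder's default route points at the P1 address, every accept term of the imported policy is pinned to the P1-facing interface, a final reject term exists, and a permit policy from user-lan to web-redirect is present. The P1 address 192.168.10.12 and interface ge-2/0/1.0 are assumed from the guide; parse_junos and audit_fbf are names introduced here.

```python
import re
# Constructed sample, not from a live device: the guide's three stanzas in one text.
# Assumed values: V10000 P1 address 192.168.10.12 and P1-facing interface ge-2/0/1.0.
SAMPLE_CONFIG = """policy-options { policy-statement only-web-redirect-interface {
    term allow { from { instance master; interface ge-2/0/1.0; } then accept; }
    term reject { then reject; } } }
routing-instances { to-P1-V10000-alpha { instance-type forwarding; routing-options {
    static { route 0.0.0.0/0 next-hop 192.168.10.12; } instance-import only-web-redirect-interface; } } }
security { policies { from-zone user-lan to-zone web-redirect { policy permit-all {
    match { source-address any; destination-address any; application any; } then { permit; } } } } }"""

def parse_junos(text):
    """Turn curly-brace Junos config into nested dicts; leaf statements map to True."""
    root = {}
    stack, node, cur = [], root, None
    for tok in re.findall(r"[{};]|[^{};]+", text):
        tok = " ".join(tok.split())   # collapse newlines and runs of spaces
        if tok == "{":                # open a child block under the last key seen
            node[cur] = {}
            stack.append(node)
            node = node[cur]
        elif tok == "}":
            node = stack.pop()
        elif tok == ";":              # terminate a leaf statement
            node[cur] = True
        elif tok:
            cur = tok
    return root

def audit_fbf(cfg, p1_addr, p1_iface):
    """Return findings; an empty list means the FBF redirect is wired consistently."""
    findings, pol_opts = [], cfg.get("policy-options", {})
    fwd = {n: b for n, b in cfg.get("routing-instances", {}).items()
           if isinstance(b, dict) and "instance-type forwarding" in b}
    if not fwd:
        findings.append("no forwarding routing-instance defined")
    for name, body in fwd.items():
        ro = body.get("routing-options", {})
        if f"route 0.0.0.0/0 next-hop {p1_addr}" not in ro.get("static", {}):
            findings.append(f"{name}: default route does not point at V10000 P1 {p1_addr}")
        for pol in [k.split()[1] for k in ro if k.startswith("instance-import ")]:
            terms = pol_opts.get(f"policy-statement {pol}", {})
            for t, tb in terms.items():   # every accept term must be pinned to the P1 interface
                if isinstance(tb, dict) and "then accept" in tb and f"interface {p1_iface}" not in tb.get("from", {}):
                    findings.append(f"{pol} {t}: accept term is not limited to interface {p1_iface}")
            if not any(isinstance(tb, dict) and "then reject" in tb for tb in terms.values()):
                findings.append(f"{pol}: no final reject term, other routes can leak into the forwarder")
    zone = cfg.get("security", {}).get("policies", {}).get("from-zone user-lan to-zone web-redirect", {})
    if not any(isinstance(p, dict) and isinstance(p.get("then"), dict) and "permit" in p["then"] for p in zone.values()):
        findings.append("no permit policy from user-lan to web-redirect: redirected flows will be dropped")
    return findings
```

Run `audit_fbf(parse_junos(SAMPLE_CONFIG), "192.168.10.12", "ge-2/0/1.0")` against the text of `show configuration` from the SRX to get an empty list when the three stanzas agree, or one finding per mismatch.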