Presentation is loading. Please wait.

Presentation is loading. Please wait.

SRX Secrets Michel Tepper.

Published byArline Gallagher Modified over 6 years ago

Similar presentations

Presentation on theme: "SRX Secrets Michel Tepper."— Presentation transcript:

1 SRX Secrets Michel Tepper

2 SRX Agenda Security Routing Switching

3 SRX Security Sure: statefull firewalling IPSEC But what about
Screening options IDP App secure UAC integration? ...es from-zone guest to-zone untrust policy p1 match source-identity ? Possible completions: <source-identity-name> Specify source-identity name from list to match [ Open a set of values any Any user includes authenticated, unauthenticated and unknown user authenticated-user All authenticated users unauthenticated-user All unauthenticated users unknown-user All unknown users

4 SRX Routing Static, of course OSPF BGP ISIS MPLS / VPLS BFD
Who knows the statement: set security forwarding-options family mpls mode packet-based ?

5 SRX Routing Route based VPN’s Not realy a secret anymore
But: very often static routing is used OSPF offers great redudancy Add BFD and failover occurs within a second.

6 SRX Routing Selective packet based
What if some traffic needs to by-pass the flow module?. Example: backup traffic Use a packet filter to create an exception!

7 SRX Routing Stateless firewall rules
Very usefull, even on a statefull device Drop traffic before it hits the flow module Class Of Service Rate limiting

8 SRX Switching LAG interfaces !! POE Also in SMB cluster
IN DataCentre with VRRP

9 SRX Thank you!

Download ppt "SRX Secrets Michel Tepper."

Similar presentations

Access Control List (ACL)

Access Control List (ACL)
Release 5.1, Revision 0 Copyright © 2001, Juniper Networks, Inc. Advanced Juniper Networks Routing Module 9: Static Routes & Routing Table Groups.

Release 5.1, Revision 0 Copyright © 2001, Juniper Networks, Inc. Advanced Juniper Networks Routing Module 9: Static Routes & Routing Table Groups.
Integration of PAP site 17 th July 10. Requirements of PAP SITE  Bandwidth drop  Router  RJ45 cables  Switch  Gateway  Nodes  Ups  9urack.

Integration of PAP site 17 th July 10. Requirements of PAP SITE  Bandwidth drop  Router  RJ45 cables  Switch  Gateway  Nodes  Ups  9urack.
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L6 1 Implementing Secure Converged Wide Area Networks (ISCW)

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L6 1 Implementing Secure Converged Wide Area Networks (ISCW)
Hardware Firewalls: Advanced Feature © N. Ganesan, Ph.D.

Hardware Firewalls: Advanced Feature © N. Ganesan, Ph.D.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
WiNG 5.3.

WiNG 5.3.
What’s New in Fireware XTM v11.5.3. Changes in Fireware XTM v11.5.3  Routing table changes  Feature key global expiration for some XTMv keys  IP address.

What’s New in Fireware XTM v Changes in Fireware XTM v  Routing table changes  Feature key global expiration for some XTMv keys  IP address.
Networking Components

Networking Components
TCP/IP Addressing Design. Objectives Choose an appropriate IP addressing scheme based on business and technical requirements Identify IP addressing problems.

TCP/IP Addressing Design. Objectives Choose an appropriate IP addressing scheme based on business and technical requirements Identify IP addressing problems.
DrayTek VPN Solution. Outline What is VPN What does VPN Do Supported VPN Protocol How Many Tunnels does Vigor Support VPN Application Special VPN Application.

DrayTek VPN Solution. Outline What is VPN What does VPN Do Supported VPN Protocol How Many Tunnels does Vigor Support VPN Application Special VPN Application.
CISCO NETWORKING ACADEMY Chabot College ELEC 99.08 Access Control Lists - Introduction.

CISCO NETWORKING ACADEMY Chabot College ELEC Access Control Lists - Introduction.
NW Security and Firewalls Network Security

NW Security and Firewalls Network Security
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 12: Routing.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 12: Routing.
1 © 2004, Cisco Systems, Inc. All rights reserved. CCNA 2 v3.1 Module 6 Routing and Routing Protocols.

1 © 2004, Cisco Systems, Inc. All rights reserved. CCNA 2 v3.1 Module 6 Routing and Routing Protocols.

Similar presentations

Ads by Google