Private VLANs - Juniper SRX Firewall

Hi all

We have a link from our switch to a Juniper SRX firewall configured as a promiscuous port. Over this link we configure a primary PVLAN. Connected to the switch we also have a bunch of servers all in the same isolated PVLAN which is mapped to the primary. In this situation how is ARP handled when one server needs to communicate with another? An intra-zone rule on the SRX? Proxy ARP maybe?

Thank you.

Re: Private VLANs - Juniper SRX Firewall

Hi,

Not sure why you have the servers in a private VLAN, but if the gateway for the servers is on the firewall, you don't need any intra-zone policy. If they are in the same zone, it should work fine. You need policy between zones.

HTH

Re: Private VLANs - Juniper SRX Firewall

Thank you Reza

Apologies for the delay. We're bound by the client's processes to use PVLANs. We've decided to split some of the servers into separate VLANs/subnets, which means we just simply need to create an inter-zone policy on the firewall.

Re: Private VLANs - Juniper SRX Firewall

We have a similar situation to yours. Placing the servers into a COMMUNITY PVLAN negates the need for servers to traverse any links as they can communicate with each other.

 

 
