Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

552
Views
0
Helpful
3
Replies
Highlighted
Devlin Thornicroft
Devlin Thornicroft Beginner
Beginner
‎10-02-2017 09:48 AM
‎10-02-2017 09:48 AM

Private VLANs - Juniper SRX Firewall

Hi all

 

We have a link from our switch to a Juniper SRX firewall configured as a promiscuous port. Over this link we configure a primary PVLAN. Connected to the switch we also have a bunch of servers all in the same isolated PVLAN which is mapped to the primary. In this situation how is ARP handled when one server needs to communicate with another? An intra-zone rule on the SRX? Proxy ARP maybe?

 

Thank you. 

Labels:
Everyone's tags (3)
0 Helpful
Reply
3 REPLIES 3
Reza Sharifi
VIP Expert Reza Sharifi VIP Expert
VIP Expert
‎10-02-2017 04:01 PM
‎10-02-2017 04:01 PM

Re: Private VLANs - Juniper SRX Firewall

Hi,

Not sure why you have the servers in a private vlan but if the gateway for the servers is on the firewall, you don't need any intra-zone policy.  If they are in the same zone, it should work fine. You need policy between zones.

HTH

0 Helpful
Reply
Devlin Thornicroft
Devlin Thornicroft Beginner
Beginner
‎10-07-2017 02:10 AM
‎10-07-2017 02:10 AM

Re: Private VLANs - Juniper SRX Firewall

Thank you Reza

 

Apologies for the delay. We're bound by the clients processes to use PVLANS. We've decided to split some of the servers into separate VLANs/subnets which means we just simply need to create an inter-zone policy on the firewall.

 

0 Helpful
Reply
Neil Sheridan
Neil Sheridan Beginner
Beginner
‎10-07-2017 04:22 PM
‎10-07-2017 04:22 PM

Re: Private VLANs - Juniper SRX Firewall

We have a similar situation to yours. Placing the servers into a COMMUNITY PVLAN negates the need for servers to traverse any links as they can communicate with each other.

 

 

0 Helpful
Reply
Latest Contents
Can 2 Routers have a same external IP address?
Created by Šimon Randiak on 10-18-2019 11:41 AM
1
0
1
0
I've got a one problem. Me and my friend have the same ISP. I checked my External IP address at WhatIsMyIp.com and my friend do it to. And we saw we have the same External IP.So my question is can 2 routers have the same External IP address?If i'm right 2... view more
LISP Locator ID Separation Protocol
Created by Mohamed Alhenawy on 10-18-2019 05:29 AM
0
0
0
0
LISP Protocol (Location Identifier Separation Protocol)!  - The LISP protocol has become a brilliant stardom with the digital transformation that we are now experiencing. - Today we will talk about the LISP protocol and its advantages and method of p... view more
How to deploy SD-Access ( SDA ) Fabric from start to finish ...
Created by pbagga on 10-18-2019 12:17 AM
0
0
0
0
SD-Access provides automated end-to-end services (such as segmentation, quality of service, and analytics) for user, device, and application traffic. SD-Access automates user policy so organizations can ensure the appropriate access control and applicati... view more
How to Create and Deploy a Security Policy with Cisco DNA Ce...
Created by faylee on 10-17-2019 02:24 PM
0
0
0
0
Purpose:  This document shows you how to create a group-based security policy in Cisco DNA Center.   Security policies determine the types of network traffic permitted or denied between scalable groups.  Scalable groups are a critical compo... view more
15-Minute Survey to Help Us Organize Network Management Task...
Created by jenchen3 on 10-17-2019 09:47 AM
0
0
0
0
Are you an experienced network professional? If yes, we'd like to understand how we can better organize network management activities in a way that makes sense to you. Your response will help Cisco improve a product feature that could benefit you.&nb... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
July's Community Spotlight Awards