Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
865
Views
0
Helpful
3
Replies
Devlin Thornicroft
Beginner
Beginner
‎10-02-2017 09:48 AM
‎10-02-2017 09:48 AM

Private VLANs - Juniper SRX Firewall

Hi all

 

We have a link from our switch to a Juniper SRX firewall configured as a promiscuous port. Over this link we configure a primary PVLAN. Connected to the switch we also have a bunch of servers all in the same isolated PVLAN which is mapped to the primary. In this situation how is ARP handled when one server needs to communicate with another? An intra-zone rule on the SRX? Proxy ARP maybe?

 

Thank you. 

Labels:
0 Helpful
3 REPLIES 3
Reza Sharifi
Hall of Fame Expert Hall of Fame Expert
Hall of Fame Expert
‎10-02-2017 04:01 PM
‎10-02-2017 04:01 PM

Hi,

Not sure why you have the servers in a private vlan but if the gateway for the servers is on the firewall, you don't need any intra-zone policy.  If they are in the same zone, it should work fine. You need policy between zones.

HTH

0 Helpful
Devlin Thornicroft
Beginner
Beginner
In response to Reza Sharifi
‎10-07-2017 02:10 AM
‎10-07-2017 02:10 AM

Thank you Reza

 

Apologies for the delay. We're bound by the clients processes to use PVLANS. We've decided to split some of the servers into separate VLANs/subnets which means we just simply need to create an inter-zone policy on the firewall.

 

0 Helpful
Neil Sheridan
Beginner
Beginner
In response to Devlin Thornicroft
‎10-07-2017 04:22 PM
‎10-07-2017 04:22 PM

We have a similar situation to yours. Placing the servers into a COMMUNITY PVLAN negates the need for servers to traverse any links as they can communicate with each other.

 

 

0 Helpful
Latest Contents
SD-WAN Overview & Advanced Deployment Lab | Part.2
Created by Mohamed Alhenawy on 05-16-2021 08:36 AM
0
0
0
0
Today I'm going to write SD-WAN Overview & Advanced Deployment Lab Part ||* check out SD-WAN Overview & Advanced Deployment Lab Part | through this link : https://community.cisco.com/t5/networking-documents/sd-wan-overview-amp-advan... view more
Podcast: How did we go from 1G to 400G? The history of plugg...
Created by greghami on 05-14-2021 03:02 PM
0
5
0
5
Have you ever wondered why pluggable optics exist? Have you ever wondered what acronyms like QSFP, LR4, FEC, and PAM4 actually mean? In this first episode I start a conversation with my colleague Ray Nering. He explains to me how a lot of these came to be... view more
How to determine a legitimate hardware issue - Video
Created by ciscomoderator on 05-13-2021 10:07 PM
0
0
0
0
Support Talks video- How to determine a legitimate hardware issue (Live event -  Thursday 13 May, 2020 at 9:30 am Pacific/ 12:30 pm Eastern / 6:30 pm Paris) This event had place on Thursday 13th, May 13 at 9:30hrs PST  This event helps you to ... view more
How to determine a legitimate hardware issue - Slides
Created by ciscomoderator on 05-12-2021 04:04 PM
3
5
3
5
Support Talks Slides- How to determine a legitimate hardware issue (Live event -  Thursday 13 May, 2020 at 9:30 am Pacific/ 12:30 pm Eastern / 6:30 pm Paris) This event had place on Thursday 13th, May 13 at 9:30hrs PST  This event helps you to ... view more
Global MPLS Design Using Carrier Supporting Carrier (CSC) wh...
Created by njrusmc on 05-11-2021 04:13 PM
0
5
0
5
Learn firsthand how I used MPLS as a core technology to solve the puzzle of connecting a Service Provider's diverse global sites in a secure, multi-tenant way. Click here to read the white paper and see the details of the complex network design that was c... view more
Content for Community-Ad