I too have been unable to get this type of basic service working on an SRX345 running JunOS 15.1X49-D45. I tried the following configuration:
system {
services {
ssh;
web-management {
http;
}
}
}
interfaces {
ge-0/0/4 {
unit 0 {
family ethernet-switching {
vlan {
members TestVlan2;
}
}
}
}
ge-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members TestVlan3;
}
}
}
}
irb {
unit 2 {
family inet {
address 192.168.1.1/27;
}
}
unit 3 {
family inet {
address 192.168.2.1/27;
}
}
}
}
security {
policies {
from-zone TestZone2 to-zone TestZone3 {
policy TestZone2-TestZone3 {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone TestZone3 to-zone TestZone2 {
policy TestZone3-TestZone2 {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
default-policy {
permit-all;
}
}
zones {
security-zone TestZone2 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
irb.2;
}
}
security-zone TestZone3 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
irb.3;
}
}
}
}
vlans {
TestVlan2 {
vlan-id 2;
l3-interface irb.2;
}
TestVlan3 {
vlan-id 3;
l3-interface irb.3;
}
}
My computer that is plugged into port ge-0/0/4 with IP Address 192.168.1.2/27 with a gateway of 192.168.1.1 is not able to even ping the 192.168.1.1 address on the router.
This type of basic functionality worked perfectly fine on the SRX240 (with "vlan" instead of "irb").