Channel: All SRX Services Gateway posts

Single zone application firewall doesn't work SRX210HE2


Hello team,

 

I have an SRX210HE2 at my client; my version is JUNOS 12.1X46-D40.2 with the idp-signature database.

 

My customer just wants to use a single zone (trust-to-trust). From the beginning, the end customer required transparent mode from us for this Juniper, so the end customer gave us one IP address from their LAN, and all interfaces (except one WAN interface for management purposes) are members of this VLAN. This is the scenario:

 

LAN---int 0/3--SRX 210---int 0/7 WAN Juniper SRX end customer

                                     ---int 0/2 LAN Juniper SRX end customer (several host customer point to DG this Juniper)

                                     ---int 0/1 LAN Cisco Inet access (mostly host customer point to this DG)

My first question is if this scenario works without using Zones (see https://forums.juniper.net/t5/SRX-Services-Gateway/HELP-Client-thinks-he-can-do-without-using-Zones/td-p/84226).

On the other hand, I've tested the application firewall feature, but it seems like AppFW is not working; I tried to block a specific application like YouTube, but it doesn't work.

When I connect by TeamViewer to one host and play YouTube, I don't see sessions matched; the number of sessions with appid pending just increases, although the application group is configured:

root@SRX_Montrel> show security application-firewall rule-set my-appfw
Rule-set: my-appfw
Rule: block youtube
Dynamic Applications: junos:YOUTUBE-STREAM, junos:YOUTUBE-COMMENT, junos:YOUTUBE
Dynamic Application Groups: junos:web:multimedia:web-based
<<< Action:deny
Number of sessions matched: 0
Number of sessions redirected: 0
Default rule:permit
Number of sessions matched: 1
Number of sessions redirected: 0
Number of sessions with appid pending: 6<<<<

 

Any idea?

 

Thanks in advance.

 

